An anonymous reader quotes a report from Gizmodo, written by climate reporter Brian Kahn: In a major announcement at United Nations climate talks on Thursday, 20 countries said they would stop funding fossil fuel development abroad and instead plow money into clean energy. The group of countries includes finance heavy-hitters like the U.S., UK, and Canada as well as smaller players like Mali and Costa Rica. An analysis by Oil Change International indicates that the 20 countries plus four other investment institutions who signed on could shift $15 billion annually from funding fossil fuels to clean energy projects. "The signatories of today's statement are doing what's most logical in a climate emergency: stop adding fuel to the fire and shift dirty finance to climate action," Laurie van der Burg, the global public finance campaigns co-manager at Oil Change International, said in an emailed statement.

[T]he agreement doesn't pull funding from projects already in the pipeline (climate joke, please laugh). Between 2018 and 2020, Oil Change International also found, the G20 kicked an estimated $188 billion to fossil fuel projects in other countries. That's a lot of very recent extraction happening. The lack of financing abroad also doesn't mean a lack of financing at home. The U.S. and Canada, for example, are major oil and gas producers. Without a plan to wind down production at home, the pledge to end financing for fossil fuels abroad is a bit like promising you won't lend your neighbor money for cigarettes while you keep smoking a pack a day.

Some of the biggest smokers -- errr, fossil fuel funders -- on the block also didn't sign on. Those include Japan, Korea, and China, which are the biggest fossil fuel backers in the G20, according to Oil Change International. Together, they account for more than $29 billion in annual fossil fuel development abroad. That's a major lifeline for fossil fuel developers. We also still need more details on the pledge to end funding, including how exactly the 20 countries and banks define fossil fuel funding. Lastly, the world's private banks and investment firms also need to sign on.

The U.S. Court of Federal Claims ruled against Jeff Bezos' Blue Origin in the company's lawsuit versus NASA over a lucrative astronaut lunar lander contract awarded to Elon Musk's SpaceX earlier this year. Federal judge Richard Hertling sided with the defense in his ruling, completing a months-long battle after Blue Origin sued NASA in August. From a report: Blue Origin, NASA, and SpaceX did not immediately respond to requests for comment on the ruling. NASA in April awarded SpaceX with the sole contract for the agency's Human Landing System program under a competitive process. Worth $2.9 billion, the SpaceX contract will see the company use its Starship rocket to deliver astronauts to the moon's surface for NASA's upcoming Artemis missions.

23andMe CEO Anne Wojcicki wants to make drugs using insights from millions of customer DNA samples, and doesn't think that should bother anyone. From a report: A few months ago, on the morning 23andMe Holding Co. was about to go public, Chief Executive Officer Anne Wojcicki received a framed sheet of paper she hadn't seen in 15 years. As she was preparing to ring in the Nasdaq bell remotely from the courtyard of her company's Silicon Valley headquarters, Patrick Chung, one of its earliest investors, presented her with the pitch document she'd shown him when she was first asking for money, reproduced on two pieces of paper so she could see both sides. The one-sheet outlined a radical transformation in the field of DNA testing. Wojcicki's plan back then was to turn genetics from the rarefied work of high-end labs into mainstream health and quasi entertainment products.

First she'd sell tastemakers on her mail-in spit kits as a way to learn sort-of-interesting things about their DNA makeup, such as its likely ancestral origins and the chance it would lead to certain health conditions. Eventually she'd be able to lower prices enough to make the kits broadly accessible, allowing 23andMe to build a database big enough to identify new links between diseases and particular genes. Later, this research would fuel the creation of drugs the company could tailor to different genetic profiles. 23andMe would become a new kind of health-care business, sitting somewhere between a Big Pharma lab, a Big Tech company, and a trusted neighborhood doctor.

Some of this still sounds as far off now as it did during the Bush years. Improbably, though, 23andMe has rounded second base and is heading for third. Wojcicki did sell millions of people on DNA test kits -- 11 million and counting -- and bring such tests to the mainstream, with some help from Oprah's holiday gift guide. An estimated 1 in 5 Americans have turned over their genetic material to 23andMe or one of its competitors. Now that she's got the data, Wojcicki is working on the drugs. Her company is collaborating on clinical trials for one compound (and nearing trials for another) that could be used for what's known as immuno-oncology, treatments that attempt to harness the body's complex immune system to beat cancer. 23andMe says it's also exploring drugs with potential use in treatments for neurological, cardiovascular, and other conditions, though it declined to specify them. Last month the company bought Lemonaid Health, a telehealth and drug delivery startup that offers treatment and prescriptions for a select group of conditions, including depression, anxiety, and STDs.

An anonymous reader quotes a report from Vox: Facebook says it will stop using facial recognition for photo-tagging. In a Monday blog post, Meta, the social network's new parent company, announced that the platform will delete the facial templates of more than a billion people and shut off its facial recognition software, which uses an algorithm to identify people in photos they upload to Facebook. This decision represents a major step for the movement against facial recognition, which experts and activists have warned is plagued with bias and privacy problems. But Meta's announcement comes with a couple of big caveats. While Meta says that facial recognition isn't a feature on Instagram and its Portal devices, the company's new commitment doesn't apply to its metaverse products, Meta spokesperson Jason Grosse told Recode. In fact, Meta is already exploring ways to incorporate biometrics into its emerging metaverse business, which aims to build a virtual, internet-based simulation where people can interact as avatars. Meta is also keeping DeepFace, the sophisticated algorithm that powers its photo-tagging facial recognition feature.

"We believe this technology has the potential to enable positive use cases in the future that maintain privacy, control, and transparency, and it's an approach we'll continue to explore as we consider how our future computing platforms and devices can best serve people's needs," Grosse told Recode. "For any potential future applications of technologies like this, we'll continue to be public about intended use, how people can have control over these systems and their personal data, and how we're living up to our responsible innovation framework."

An anonymous reader quotes a report from Motherboard: Former police officer, vegan, and mayor-elect of New York City Eric Adams has dreams of putting the Big Apple on the blockchain. In an interview with Bloomberg Radio on Wednesday, Adams bragged that he would finally transform the city into one hospitable to cryptocurrency. "We need to look at what's preventing the growth of bitcoins and cryptocurrency in our city," Adams told Bloomberg on Wednesday. He pointed to Miami, which has recently attempted to attract the cryptocurrency industry to the city, teasing a "friendly competition" on the horizon. "He has a MiamiCoin that is doing very well -- we're going to look in the direction to carry that out."

Adams has been promising to do this since he was a candidate last year, vowing to make the city a hub of all things crypto. "I'm going to promise you in one year, you're going to see a different city," he said at one event last June. "We're going to bring businesses here. We're going to become the center of life science, the center of cybersecurity, the center of self-driving cars and drones, the center of bitcoins, the center of all the technology," It's still not clear what that actually means or would entail. This may mean contending with the state's cryptocurrency regulations -- namely the Bitlicense. Introduced in 2015, the Bitlicense is a requirement for any entity that wants to carry out cryptocurrency-related transactions.

Three years after an employee revolt forced Google to abandon work on a Pentagon program that used artificial intelligence, the company is aggressively pursuing a major contract to provide its technology to the military. From a report: The company's plan to land the potentially lucrative contract, known as the Joint Warfighting Cloud Capability, could raise a furor among its outspoken work force and test the resolve of management to resist employee demands. In 2018, thousands of Google employees signed a letter protesting the company's involvement in Project Maven, a military program that uses artificial intelligence to interpret video images and could be used to refine the targeting of drone strikes. Google management caved and agreed to not renew the contract once it expired.

The outcry led Google to create guidelines for the ethical use of artificial intelligence, which prohibit the use of its technology for weapons or surveillance, and hastened a shake-up of its cloud computing business. Now, as Google positions cloud computing as a key part of its future, the bid for the new Pentagon contract could test the boundaries of those A.I. principles, which have set it apart from other tech giants that routinely seek military and intelligence work. The military's initiative, which aims to modernize the Pentagon's cloud technology and support the use of artificial intelligence to gain an advantage on the battlefield, is a replacement for a contract with Microsoft that was canceled this summer amid a lengthy legal battle with Amazon. Google did not compete against Microsoft for that contract after the uproar over Project Maven.

The Pentagon's restart of its cloud computing project has given Google a chance to jump back into the bidding, and the company has raced to prepare a proposal to present to Defense officials, according to four people familiar with the matter who were not authorized to speak publicly. In September, Google's cloud unit made it a priority, declaring an emergency "Code Yellow," an internal designation of importance that allowed the company to pull engineers off other assignments and focus them on the military project, two of those people said. On Tuesday, the Google cloud unit's chief executive, Thomas Kurian, met with Charles Q. Brown, Jr., the chief of staff of the Air Force, and other top Pentagon officials to make the case for his company, two people said. Google, in a written statement, said it is "firmly committed to serving our public sector customers" including the Defense Department, and that it "will evaluate any future bid opportunities accordingly."

The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. From a report: The call came from PayPal's fraud prevention system. Someone had tried to use my PayPal account to spend $58.82, according to the automated voice on the line. PayPal needed to verify my identity to block the transfer. "In order to secure your account, please enter the code we have sent your mobile device now," the voice said. PayPal sometimes texts users a code in order to protect their account. After entering a string of six digits, the voice said, "Thank you, your account has been secured and this request has been blocked. Don't worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up," the voice said.

But this call was actually from a hacker. The fraudster used a type of bot that drastically streamlines the process for hackers to trick victims into giving up their multi-factor authentication codes or one-time passwords (OTPs) for all sorts of services, letting them log in or authorize cash transfers. Various bots target Apple Pay, PayPal, Amazon, Coinbase, and a wide range of specific banks. Whereas fooling victims into handing over a login or verification code previously would often involve the hacker directly conversely with the victim, perhaps pretending to be the victim's bank in a phone call, these increasingly traded bots dramatically lower the barrier of entry for bypassing multi-factor authentication.

After Canada, now Australia has found that controversial facial recognition company, Clearview AI, broke national privacy laws when it covertly collected citizens' facial biometrics and incorporated them into its AI-powered identity matching service -- which it sells to law enforcement agencies and others. From a report: In a statement today, Australia's information commissioner and privacy commissioner, Angelene Falk, said Clearview AI's facial recognition tool breached the country's Privacy Act 1988 by:

Collecting Australians' sensitive information without consent
Collecting personal information by unfair means
Not taking reasonable steps to notify individuals of the collection of personal information
Not taking reasonable steps to ensure that personal information it disclosed was accurate, having regard to the purpose of disclosure
Not taking reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles.

UnknowingFool writes: The civil trial of Ira Kleiman vs. Craig Wright started on Monday in Miami. The estate of David Kleiman is suing Craig Wright, the self declared inventor of bitcoin, for 50% ownership of 1.1 million bitcoins. The estate claims Kleiman was in a partnership with Wright to mine the coins but after Kleiman died in April 2013, Wright denied any partnership. At over $60,000 each per bitcoin, this case is currently worth $65 billion.

Craig Wright has previously claimed he is the inventor of Bitcoin, Satoshi Nakamoto, which has been met with skepticism based on his inability to show any proof. In this case, Wright has made numerous dubious claims. After the case was filed in 2018, Wright claimed he did not have the keys to the coins but that they would be arriving in January 2020 through a "bonded courier." After January 2020, Wright provided keys to the estate for verification which the estate claims the bitcoins were fake. Expressing skepticism that the courier even existed, the estate asked for more information about the courier. Wright then claimed the identity of the courier and all communications were protected under attorney-client privilege as the courier was an attorney.

Facebook plans to shut down its decade-old facial recognition system this month, deleting the face scan data of more than one billion users and effectively eliminating a feature that has fueled privacy concerns, government investigations, a class-action lawsuit and regulatory woes. From a report: Jerome Pesenti, vice president of artificial intelligence at Meta, Facebook's newly named parent company, said in a blog post on Tuesday that the social network was making the change because of "many concerns about the place of facial recognition technology in society." He added that the company still saw the software as a powerful tool, but "every new technology brings with it potential for both benefit and concern, and we want to find the right balance." The decision shutters a feature that was introduced in December 2010 so that Facebook users could save time.

The facial-recognition software automatically identified people who appeared in users' digital photo albums and suggested users "tag" them all with a click, linking their accounts to the images. Facebook now has built one of the largest repositories of digital photos in the world, partly thanks to this software. Facial-recognition technology, which has advanced in accuracy and power in recent years, has increasingly been the focus of debate because of how it can be misused by governments, law enforcement and companies. In China, authorities use the capabilities to track and control the Uighurs, a largely Muslim minority. In the United States, law enforcement has turned to the software to aid policing, leading to fears of overreach and mistaken arrests. Some cities and states have banned or limited the technology to prevent potential abuse.

A U.S. Treasury Department-led regulatory body called on Monday for Congress to regulate issuers of "stablecoins" like banks and urged financial agencies to assess whether the role of these fast-growing digital assets in the country's payments system posed a systemic risk. Reuters reports: The hotly awaited report by the President's Working Group on Financial Markets will likely boost policymakers' efforts to put guardrails around stablecoins, a type of digital asset pegged to traditional currencies which the body said could pose threats to the broader financial system. Stablecoins, which include the likes of Tether, USD Coin and Binance USD, have ballooned 500% to reach a market cap of $127 billion over the past 12 months, according to the report. "The rapid growth of stablecoins increases the urgency of this work," the report stated. "Failure to act risks growth of payment stablecoins without adequate protection for users, the financial system, and the broader economy."

While stablecoins are primarily used to facilitate trading in other cryptocurrencies, they could become widely used by households and businesses to make payments, the report said. Currently, though, stablecoins have a wide range of policies governing disclosures, what assets are held in reserve to back the coins, and around redemption rights, all of which could make them susceptible to runs if users lose confidence in the asset. "Runs could spread contagiously from one stablecoin to another, or to other types of financial institutions that are believed to have a similar risk profile. Risks to the broader financial system could rapidly increase as well, especially in the absence of prudential standards," the report warned. Chief among the report's recommendations is for Congress to "urgently" pass a law that would regulate stablecoin issuers akin to insured depository institutions, subjecting them to strict supervision by banking regulators while also providing some form of government backstop in the event of crises.

The U.S. Copyright Office "is expanding a legal shield for fixing digital devices," reports the Verge, "including cars and medical devices."

Earlier this week the office "submitted new exemptions to Section 1201 of the Digital Millennium Copyright Act, which bars breaking software copy protection. The resulting rules include a revamped section on device repair, reflecting renewed government pressure around 'right to repair' issues." [T]his latest rulemaking adopts repair-related proposals from the Electronic Frontier Foundation, iFixit, and other organizations. The Librarian of Congress adopted the recommendations in a final rule that will take effect [Thursday].

The exemptions replace an itemized list of repairable devices with broad protections for any consumer devices that rely on software to function, as well as land and sea vehicles and medical devices that aren't consumer-focused. The rulemaking doesn't rewrite the exemption to cover all non-consumer devices, and it doesn't cover all "modification," only "diagnosis, maintenance, and repair." For video game consoles specifically, repair only covers repairing the device's optical drives and requires reenabling any technological protection measures that were circumvented afterward.
The Verge notes that Acting General Counsel Kevin Amer told reporters the exemption should prove useful, adding that their decision had been influenced by an earlier executive order from the Biden administration supporting third-party and consumer repair work. The article also notes other U.S. agencies are also moving on the issue. "The Federal Trade Commission, for instance, has pledged to fight business practices that lock out independent repair shops.

"This copyright rulemaking doesn't address those practices, but it helps lift a legal threat hanging over technicians and consumers."

From the editorial board of the Pittsburgh Post-Gazette: In 1947, more than 4 million Americans owned $3.4 billion in saving deposits held not by a bank or credit union, but by the United States Postal Service. It's a largely forgotten part of American banking (and postal) history that the USPS ran the Postal Savings System for 56 years, from 1911 to 1967... [T]o this day postal services around the world provide small-scale financial services, from check cashing to savings accounts to e-commerce solutions, such as allowing refunds for returned goods to be deposited directly into a consumer's postal account. In September, the U.S. Postal Service took the first steps toward restoring its place in Americans' financial lives: At four East Coast post offices, customers can now get paychecks or business checks worth up to $500 cashed for a flat fee of $5.95....

Postal banking has the potential to reorient the American financial landscape for the benefit the most vulnerable. A fifth of Americans are considered "unbanked" or "underbanked," often relying on unscrupulous payday lenders because they lack the week-to-week security to set even a little aside in a traditional account. According to a 2014 USPS report, in 2012 alone these "alternative financial services" wrung $89 billion in interest and fees out of the poorest Americans... Postal banking also has a bipartisan pedigree. While it has most recently been a centerpiece of the progressive platforms of Sen. Bernie Sanders, I-Vt., it has also been promoted by reformist conservatives as a way to get and keep capital in local communities, rather than having it held in the coffers of multinational conglomerates.

And finally, an expansion into basic financial services may be essential to the very survival of the U.S. Postal Service. As Amazon and private shipping companies continue to press their advantage, the Postal Service can press its own: thousands of locations in every nook and cranny of the country, along with broad community trust.
This modest pilot "is the foundation for more expansive contemplated postal banking services that could include bill-paying services, ATM access and money-order and wire-transfer capabilities," argues a follow-up piece in the same newspaper: Local bank branches are shuttering in communities all across our country, and mainstream banks are failing to offer financial services that meet the needs of many communities... Robust postal banking, which should ultimately include checking and savings accounts as well as loan options, could step into the breach and provide equitable, accessible and affordable financial services to people who lack access to traditional bank services and would otherwise have to turn to high-cost and low-value fringe financial institutions... Underbanked households have an average annual income of $25,000 and typically spend approximately 10% of their income on fees and interest to fringe financial institutions simply to access their money — an amount equal to what the average household spends on food annually...

Postal banking provides an economic lifeline to countless Americans living in banking deserts. The Postal Service's 34,000 facilities service every ZIP code in the country. More than two-thirds of the census tracts that have a post office do not have a bank branch. Postal banking also provides transparent and equitable services and costs. Traditional bank fees and requirements — such as minimum balance requirements, activity fees and overdraft charges — exclude low-income and small-balance customers... Postal banking is a key pathway from poverty to economic mobility for millions of Americans and also produces significant revenue and opportunities for the Postal Service to flourish and expand its business model.

"The third time my 1999 Honda Civic was stolen, I had a plan," writes Washington Post technology reporter Heather Kelly. Specifically, it was a tile tracker hidden in the car, "quietly transmitting its approximate location over Bluetooth." Later that day, I was across town hiding down the block from my own car as police detained the surprised driver. When the Tile app pinged me with a last known location, I showed up expecting the car to be abandoned. I quickly realized it was still in use, with one person looking through the trunk and another napping in the passenger seat, so I called the police...

In April of this year, one month after my car was stolen, Apple released the $29 AirTag, bringing an even more effective Bluetooth tracking technology to a much wider audience. Similar products from Samsung and smaller brands such as Chipolo are testing the limits of how far people will go to get back their stolen property and what they consider justice. "The technology has unintended consequences. It basically gives the owner the ability to become a mini surveillance operation," said Andrew Guthrie Ferguson, a law professor at the American University Washington College of Law...

Apple has been careful to never say AirTags can be used to recover stolen property. The marketing for the device is light and wholesome, focusing on situations like lost keys between sofa cushions. The official tagline is "Lose your knack for losing things" and there's no mention of crime, theft or stealing in any of the ads, webpages or support documents. But in reality, the company has built a network that is ideal for that exact use case. Every compatible iPhone, iPad and Mac is being silently put to work as a location device without their owners knowing when it happens. An AirTag uses Bluetooth to send out a ping with its encrypted location to the closest Apple devices, which pass that information on to the Apple cloud. That spot is visible on a map in the Find My app. The AirTag owner can also turn on Lost Mode to get a notification the next time it's detected, as well as leave contact information in case it's found. Apple calls this the Find My network, and it also works for lost or stolen Apple devices and a handful of third-party products. The proliferation of compatible Apple devices — there are nearly a billion in the network around the world — makes Find My incredibly effective, especially in cities. (Apple device owners are part of the Find My network by default, but can opt out in settings, and the location information is all encrypted...)

All the tracker companies recommend contacting law enforcement first, which may sound logical until you find yourself waiting hours in a parking lot for officers to address a relatively low-priority crime, or having to explain to them what Bluetooth trackers are.
The Times shares stories of two people who tried using AirTags to track down their stolen property. One Seattle man tracked down his stolen electric bike — and ended up pedalling away furiously on the (now out of power) bicycle as the suspected thief chased after him.

And an Ohio man waited for hours in an unfamiliar drugstore parking lot for a response from the police, eventually travelling with them to the suspect's house — where his stolen laptop was returned to the police officer by a man holding two babies in his arms.

Some parents have even hidden them in their childrens' backpacks, and pet owners have hidden them in their pet's collars, the Times reports — adding that the EFF's director of cybersecurity sees another possibility. "The problem is it's impossible to build a tool that is designed to track down stolen items without also building the perfect tool for stalking."

To fund the Truth social network, former U.S. president Trump merged it with a special purpose acquisition company (or "SPAC"), reports the New York Times. "The result is that Mr. Trump — largely shut out of the mainstream financial industry because of his history of bankruptcies and loan defaults — secured nearly $300 million in funding for his new business."

But there may be a hitch: To get his deal done, Mr. Trump ventured into an unregulated and sometimes shadowy corner of Wall Street, working with an unlikely cast of characters: the former "Apprentice" contestants, a small Chinese investment firm and a little-known Miami banker named Patrick Orlando. Mr. Orlando had been discussing a deal with Mr. Trump since at least March, according to people familiar with the talks and a confidential investor presentation reviewed by The New York Times.

That was well before his SPAC, Digital World Acquisition, made its debut on the Nasdaq stock exchange last month. In doing so, Mr. Orlando's SPAC may have skirted securities laws and stock exchange rules, lawyers said... SPACs aren't supposed to have a merger planned at the time of their I.P.O. Lawyers and industry officials said that talks between Mr. Orlando and Mr. Trump or their associates consequently could draw scrutiny from the Securities and Exchange Commission.

Another issue is that Digital World's securities filings repeatedly stated that the company and its executives had not engaged in any "substantive discussions, directly or indirectly," with a target company — even though Mr. Orlando had been in discussions with Mr. Trump. Given the politically fraught nature of a deal with Mr. Trump, securities lawyers said that Digital World's lack of disclosure about those conversations could be considered an omission of "material information."
The Times adds that Trump had previously even discussed merging Trump Media with a smaller SPAC created with help from the same Shanghai-based investment bank — which "specialized in helping Chinese companies list on U.S. stock exchanges."

"U.S. tech giant Google has paid Russia more than 32 million roubles ($455,079) in fines," reports Reuters, "for failing to delete content Moscow deems illegal, the company and a Russian lawmaker said after talks on Monday." Russia last week said it would seek to fine the U.S. tech giant a percentage of its annual Russian turnover later this month for repeatedly failing to delete banned content on its search engine and YouTube, in Moscow's strongest move yet to rein in foreign tech firms... Russia's state communications regulator, Roskomnadzor, on Monday said it has the technical capability to slow down the speed of YouTube, Interfax reported, but that administrative measures are currently sufficient.

In 2020, Google's compliance with requests to delete content was 96.2%, Pancini said, and in the first half of this year, it removed over 489,000 videos, but Russia said too much banned content still remained available.

According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoena'd Signal for a whole pile of user data, like subscriber information, financial information, transaction histories, communications, and more. HotHardware reports: The thing is, the subpoena is moot: Signal simply doesn't have the data to provide. The company can't provide any of the data that the grand jury is asking for because, as the company itself notes, "Signal doesn't have access to your messages, your chat list, your groups, your contacts, your stickers, [or] your profile name or avatar." The only things that Signal can offer up to the court are Unix timestamps for when the accounts in question were created and last accessed the service.

The announcement (and, we suppose, this news post) essentially amounts to an advertisement for Signal, but it's an amusing -- or possibly distressing -- anecdote nonetheless. While Signal is secure, keep in mind that the messages still originate from your device, which means that other apps on your device (like, say, your keyboard) could still be leaking your data. Lest you doubt Signal's story, the app creators have published the subpoena, suitably redacted, on their blog.

The head of America's Intelligence Community reports that the U.S. intelligence community "was able to reach broad agreement" on several key issues about the origins of COVID-19.

"We judge the virus was not developed as a biological weapon," they announced today.

In addition, the U.S. intelligence community report includes a second new assessment: that China's officials "did not have foreknowledge of the virus before the initial outbreak of COVID-19 emerged."

Beyond that, they note that most of the intelligence community's agencies also specifically assess that SARS-CoV-2 "probably was not genetically engineered" (albeit with "low confidence"). Of the 19 member agencies in the U.S. intelligence community, just two believed that there just wasn't enough evidence to actually issue an assessment of either possibility, the report adds.

The [U.S.] intelligence community judges they will be unable to provide a more definitive explanation for the origin of COVID-19 unless new information allows them to determine the specific pathway for initial natural contact with an animal or to determine that a laboratory in Wuhan was handling SARS-CoV-2 or a close progenitor virus before COVID-19 emerged. The intelligence community — and the global scientific community — lacks clinical samples or a complete understanding of epidemiological data from the earliest COVID-19 cases. If we obtain information on the earliest cases that identified a location of interest or occupational exposure, it may alter our evaluation of hypotheses.

China's cooperation most likely would be needed to reach a conclusive assessment of the origins of COVID-19. Beijing, however, continues to hinder the global investigation, resist sharing information, and blame other countries, including the United States. These actions reflect, in part, China's government's own uncertainty about where an investigation could lead as well as its frustration the international community is using the issue to exert political pressure on China.
In assessing whether a lab incident or a "natural" exposure to an infected animal caused the outbreak, they cited assessments from eight different U.S. intelligence community elements. Half of them agreed with the National Intelligence Council assessment (with low confidence) "that the initial SARS-CoV-2 infection was most likely caused by natural exposure to an animal infected with it or a close progenitor virus — a virus that probably would be more than 99 percent similar to SARS-CoV-2. These analysts give weight to China's officials' lack of foreknowledge, the numerous vectors for natural exposure, and other factors."

Three of the remaining four "remain unable to coalesce around either explanation without additional information, with some analysts favoring natural origin, others a laboratory origin, and some seeing the hypotheses as equally likely." One element did assess "with moderate confidence that the first human infection with SARS-CoV-2 most likely was the result of a laboratory-associated incident, probably involving experimentation, animal handling, or sampling by the Wuhan Institute of Virology... Variations in analytic views largely stem from differences in how agencies weigh intelligence reporting and scientific publications and intelligence and scientific gaps."

The 18-page assessment includes an appendix addressing details of specific theories, but ultimately concludes that "Our growing understanding of the similarities of SARS-CoV-2 to other coronaviruses in nature and the ability of betacoronaviruses — the genus to which SARS-CoV-2 belongs — to naturally recombine suggests SARS-CoV-2 was not genetically engineered." It even notes that the much-discussed furin cleavage sites "have been identified in naturally occurring coronaviruses in the same genetic location [as in SARS-CoV-2]. This suggests that SARS-CoV-2 or a progenitor virus could have acquired its furin cleavage sites through natural recombination with another virus."

The U.S. government owes a patent holding company at least $103 million because of the Transportation Security Administration's misuse of its technology for handling trays at airport security checkpoints, a Washington, D.C.-based federal court said. Reuters reports: In an opinion (PDF) made public Friday, the U.S. Court of Federal Claims said the TSA used SecurityPoint Holdings Inc's patented methods for most of its security screenings at the largest U.S. airports since 2008 without compensating it. St. Petersburg, Florida-based SecurityPoint's founder Joseph Ambrefe offered the TSA a license to his patent in 2005 in exchange for the exclusive right to advertise on the trays at U.S. airports. The TSA had success testing SecurityPoint's technology and equipment, but refused SecurityPoint's offer.

The court said the TSA began using the same method with its own equipment later that year at most or all of the airports under its control, and SecurityPoint sued the U.S. government for patent infringement in 2011. The government conceded that it had used the technology since 2008 in 10 airports including Dallas/Fort Worth, Boston Logan, Phoenix Sky Harbor and all three major Washington, D.C.-area airports. The court rejected the government's arguments that SecurityPoint's patent was invalid in 2015, leaving questions about the extent of the government's infringement and how much it owed in damages.

After a trial last year, Senior U.S. Judge Eric Bruggink of the Court of Federal Claims said in an August opinion unsealed Friday that the government owes SecurityPoint $103.6 million in royalties from 2008 through the date of the opinion. Bruggink said the TSA's checkpoint design guides, employee testimony and expert testimony showed that with a few exceptions, SecurityPoint's tray-recycling method was "universally used as the default method for all lanes" at the largest U.S. airports.

Google is now making it easier for minors or their parents to have photos of them deleted from search results. CNN reports: In a blog post published Wednesday, the company said it is rolling out a tool that lets parents and kids under the age of 18 request photos be removed from its images tab or no longer appear as thumbnails in a search inquiry. The new form allows users to flag URLs of any images or search results that contain pictures they want removed. Google said its teams will review each submission and reach out if they need additional information to verify the requirements for removal. However, the company emphasized this won't remove the image from the internet entirely; people will need to contact a website's webmaster to ask for that content to be removed. "We know that kids and teens have to navigate some unique challenges online, especially when a picture of them is unexpectedly available on the internet," the company said in the blog post. "We believe this change will help give young people more control over their digital footprint and where their images can be found on Search."

Huq, an established data vendor that obtains granular location information from ordinary apps installed on people's phones and then sells that data, has been receiving GPS coordinates even when people explicitly opted-out of such collection inside individual Android apps, researchers and Motherboard have found. From a report: The news highlights a stark problem for smartphone users: that they can't actually be sure if some apps are respecting their explicit preferences around data sharing. The data transfer also presents an issue for the location data companies themselves. Many claim to be collecting data with consent, and by extension, in line with privacy regulations. But Huq was seemingly not aware of the issue when contacted by Motherboard for comment, showing that location data firms harvesting and selling his data may not even know whether they are actually getting this data with consent or not.

"This shows an urgent need for regulatory action," Joel Reardon, assistant professor at the University of Calgary and the forensics lead and co-founder of AppCensus, a company that analyzes apps, and who first flagged some of the issues around Huq to Motherboard, said in an email. "I feel that there's plenty wrong with the idea that -- as long as you say it in your privacy policy -- then it's fine to do things like track millions of people's every moment and sell it to private companies to do what they want with it. But how do we even start fixing problems like this when it's going to happen regardless of whether you agree, regardless of any consent whatsoever."

A security bug in the health app Docket exposed the private information of residents vaccinated against COVID-19 in New Jersey and Utah, where the app received endorsements from state officials. From a report: Docket lets residents download and carry a digital copy of their immunizations by pulling their vaccination records from their state's health authority. The digital copy has the same information as the COVID-19 paper card, but is digitally signed by the state to prevent forgeries. Docket is one of several so-called vaccine passports in the U.S., allowing residents to show their vaccination records -- or a scannable QR code -- for getting into events, restaurants or crossing into countries where vaccines are required.

But for a time, the app allowed anyone access to the QR codes of other vaccinated users -- and all the personal and vaccine information encoded within. That included names, dates of birth and information about a person's COVID-19 vaccination status, such as which type of vaccine they received and when. TechCrunch discovered the bug on Tuesday and immediately contacted the company. Docket chief executive Michael Perretta said the bug was fixed at the server level a few hours later. The bug was found in how the Docket app requests the user's QR code from its servers. The user's QR code is generated on the server in the form of a SMART Health Card, a widely accepted standard for validating a person's vaccination status across the world. That QR code is tied to a user ID, which isn't visible from the app, but can be viewed by looking at its network traffic using off-the-shelf software like Burp Suite or Charles Proxy.

An anonymous reader quotes a report from The Guardian: India's supreme court has ordered an independent inquiry into whether the government used the surveillance software Pegasus to spy illegally on journalists, activists and political opponents. The decision on Wednesday to create an independent committee to investigate whether and how the Indian state had used the Israeli spyware tool was a significant victory for privacy campaigners after years of stonewalling by Narendra Modi's government. The order was a response to cases lodged by several Indian journalists and activists, including some revealed by the Guardian and a consortium of reporting partners to have been victims of Pegasus -- a cyber-weapon capable of hacking a target's smartphone, extracting its contents and turning on the device's microphone and camera.

Pegasus is a cyber-weapon capable of hacking a target's smartphone, extracting its contents and turning on the device's microphone and camera. Analysis by the media outlets of infected phones, and of a wider list of more than 50,000 phone numbers believed to have been selected as persons of interest by clients of Pegasus' manufacturer, NSO Group, strongly indicated the Indian government was using the tool. Delhi has consistently declined to confirm if it has access to it. The committee will comprise three cybersecurity experts and its work will be overseen by a retired supreme court judge. It will submit its report in two months. The expert group will have powers to call witnesses and seek documents as part of its fact-finding mission, and can issue adverse findings against individuals or the government if they decline to cooperate. The court listed another hearing date for after the committee's reporting deadline, indicating it intended to continue pursuing the issue.

A "sophisticated" teenager has had $2.88m in cryptocurrency confiscated after he set up a phishing site and advertised it on Google, duping consumers into handing over gift voucher redemption codes. From a report: The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results, Lincoln Crown Court was told. Crown prosecutor Sam Skinner told Her Honour Judge Catarina Sjolin Knight that the boy, whose identity is protected by a court order, harvested $8,931 worth of vouchers in the week his site was active. Love2shop began investigating in April 2020 after a customer complained, at which point the boy took down his fake site. The stolen vouchers were converted into Love2Shop vouchers on the A-level student's own account. A later police investigation discovered 12,000 credit card numbers on his computer along with details for 197 Paypal accounts. On top of that, he had 48 Bitcoins: when police arrested him in August last year these were worth $275,000 but their value has risen tenfold since. Sentencing the boy earlier this week, HHJ Knight commented in court: "If he was an adult he would be going inside."

Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm. From a report: Referring to a previous ruling that exempted instant messaging services from data capture and storage laws, the Protonmail team said this week: "Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders." Switzerland's Federal Administrative Court ruled on October 22 that email providers in Switzerland are not considered telecommunications providers under Swiss law, thereby removing them from the scope of data retention requirements imposed on telcos. The victory comes after controversy over a previous (and not directly related) Swiss court order that forced the company to collect mobile device push notification identifiers from a specified user's account. That user was later arrested by French police, who had asked their Swiss counterparts to obtain the surveillance order. Protonmail chief exec Andy Yen told The Register his business doesn't routinely collect such data on its users.

An anonymous reader quotes a report from Reuters: Sophie Fornairon's independent bookshop has survived the rise of Amazon thanks to a French law that prohibits price discounting on new books, but she says the e-commerce giant's ability to undercut on shipping still skews the market against stores like hers. Fornairon, who owns the Canal Bookstore in central Paris, now hopes that new legislation that would set a minimum price for book deliveries will even the contest further in the battle of neighborhood stores against Amazon. "It's a just return towards a level playing field," Fornairon, who employs four workers, said. "We're not at risk of closing down any time soon, but Amazon is a constant battle".

French law prohibits free book deliveries but Amazon has circumvented this by charging a single centime (cent). Local book stores typically charge about 5-7 euros ($5.82-8.15) for shipping a book. Amazon's pricing strategy had resulted in the growing market share of a single operator, the Ministry of Culture said. "This law is necessary to regulate the distorted competition within online book sales and prevent the inevitable monopoly that will emerge if the status quo persists," the ministry told Reuters. Centre-right Senator Laure Darcos, who drafted the law, decided upon the minimum delivery charge when she observed how bookstores maintained 70% of their business despite being forced to shut during early COVID lockdowns, because the government reimbursed the shipping fees. "It showed what a brake on business the postage costs are for local bookstores," Darcos said. Asked when the legislation would be enacted, the Ministry of Culture declined to give a date, saying it was too early to say.

Apple's privacy rules are "negatively affecting" Facebook, and its business, Facebook CEO Mark Zuckerberg claimed during its most recent earnings call. MacRumors reports: As a quick refresher, starting with iOS 14.5 and all newer versions of iOS and iPadOS, Apple requires that apps ask for users' permission to track them across other apps and websites. Under the App Tracking Transparency (ATT) framework, the latest change gives users a choice on whether they wish to be tracked for ads or other purposes. [...] Continuing on its anti-Apple's privacy rules campaign, Facebook CEO Mark Zuckerberg was quick to blame Apple for his company's lower than expected growth in the third quarter of the year. Kicking off the earnings call, Zuckerberg said Apple is "negatively affecting" Facebook but that he believes the company will be able to "navigate" the challenges Apple is presenting thanks to its long-term investments.

"As expected, we did experience revenue headwinds this quarter, including from Apple's changes that are not only negatively affecting our business, but millions of small businesses in what is already a difficult time for them in the economy. Sheryl and Dave will talk about this more later, but the bottom line is we expect we'll be able to navigate these headwinds over time with investments that we're already making today." While Zuckerberg and the Facebook executive team hold Apple's changes accountable for this quarter's performance, it may also be an asset. Zuckerberg has in the past stated that ATT could ultimately help Facebook, and it's a sentiment he again repeated during the earning's call. Apple's changes, according to Zuckerberg, are making "e-commerce and customer acquisition less effective on the web." Still, Facebook could benefit from the lessened effectiveness as "solutions that allow businesses to set up shop right inside our apps will become increasingly attractive," Zuckerberg added.

Facebook's chief operating officer, Sheryl Sandberg, also criticized Apple and its privacy rules, going as far as to claim that the new rules are negatively impacting Facebook while benefiting Apple's own advertising business: "We've been open about the fact that there were headwinds coming -- and we've experienced that in Q3. The biggest is the impact of Apple's iOS14 changes, which have created headwinds for others in the industry as well, major challenges for small businesses, and advantaged Apple's own advertising business." Despite Facebook facing an avalanche of pressure amid leaked internal documents and scrutiny, Sandberg pointed the finger at Apple for Facebook's lackluster performance this quarter. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

During the company's first appearance at a U.S. congressional hearing, TikTok executive Michael Beckerman said it does not give information to the Chinese government and has sought to safeguard U.S. data. Reuters reports: Michael Beckerman, TikTok's head of public policy for the Americas, became the company's first executive to appear before Congress, testifying to a subcommittee of the Senate Commerce Committee. Republicans in particular pressed Beckerman on worries regarding TikTok's stewardship of data on the app's users. Senator Marsha Blackburn, the panel's top Republican, said she is concerned about TikTok's data collection, including audio and a user's location, and the potential for the Chinese government to gain access to the information. Blackburn questioned Beckerman on whether TikTok could resist giving data to China's government if material were to be demanded. "We do not share information with the Chinese government," Beckerman responded.

Under questioning by Republican Senator Ted Cruz, Beckerman said that TikTok has "no affiliation" with Beijing ByteDance Technology, a ByteDance entity at which the Chinese government took a stake and a board seat this year. Beckerman also testified that TikTok's U.S. user data is stored in the United States, with backups in Singapore. "We have a world-renowned U.S. based security team that handles access," Beckerman said. Republican Senator John Thune said TikTok is perhaps more driven by content algorithms than even Facebook, as the app is famous for quickly learning what users find interesting and offering them those types of videos. Beckerman said TikTok would be willing to provide the app's algorithm moderation policies in order for the Senate panel to have it reviewed by independent experts.

An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla. based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS).

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

Some 150 people were arrested worldwide and more than $31.6 million in cash and virtual currencies were seized during a 10-month international investigation into opioid trafficking through darknet marketplaces, the Department of Justice announced Tuesday. From a report: The massive probe, called "Operation Dark HunTor," spanned three continents and led to the recovery of about 234 kilograms (over 500 pounds) of illegal drugs, including enough fentanyl to cause more than 4 million lethal doses, according to deputy attorney general Lisa Monaco. A darknet is encrypted online content that can only be accessed with specific browsers and is primarily used to purchase or sell illegal goods or services, especially illegal drugs. 65 people were arrested in the United States, one in Bulgaria, three in France, 47 in Germany, four in the Netherlands, 24 in the United Kingdom, four in Italy and two in Switzerland. Prosecutors allege the suspects were responsible for tens of thousands of illegal sales across the U.S., Europe and Australia.

TikTok, YouTube and Snapchat will appear before Congress Tuesday with a key priority: distinguishing their practices from Facebook's. From a report: Facebook is under attack, and its tech peers don't want to get caught in the crossfire as lawmakers mull legislation to rein in the company. At the hearing before the Senate Commerce consumer protection subcommittee, representatives from TikTok, YouTube and Snap will focus on ways their services differ from Facebook and Instagram and measures they've already put in place to protect children.

TikTok's Michael Beckerman, vice president and head of public policy, will highlight proactive safety moves the company has made, including disabling direct messages for users under 16. Snap's Jennifer Stout, vice president of global public policy, will note that the company was designed to avoid some of the toxicity of social media platforms and uses human moderation for creator posts that will reach more than 25 users. YouTube's Leslie Miller, vice president of government affairs and public policy, will point out that the company already has designed different services and products for younger users, including YouTube Kids, Made for Kids and Supervised Experiences.

Owen Jones, a British newspaper columnist and activist for the Labour Party, writes in an opinion piece for The Guardian: The aftermath of the horrific killing of Conservative MP David Amess should have been a moment for politicians and the public to unite in an effort to protect democracy. Instead, the discussion has been derailed by a push to ban anonymous social media accounts, which would stifle free speech and democratic rights. Threatening online messages to politicians and other public figures should be taken seriously. As someone who has experienced online abuse, and a physical attack at the hands of the far right, I know all too well the danger. But, in this tragic event, there seems to be no known connection between the death of Amess and anonymous online posting.

While MPs are grieving, and understandably feel vulnerable, we must ask whether strengthening the online safety bill is the right approach. By shifting attention away from extremism toward online anonymity, do we hinder our democracy? There are many legitimate reasons why a citizen may not feel comfortable posting their opinion or sharing information under their own identity. Given the number of politicians who offer off-the-record quotes to journalists on a daily basis, generally for fear of their jobs or other harmful consequences, MPs will be able to empathize with this. The bill would allow Ofcom to punish social networks that fail to remove "lawful but harmful" content. Defining abuse is politically subjective -- what is seen as accountability by some could be seen as abuse by others. Mark Francois, who is campaigning for the changes, said "while people in public life must remain open to legitimate criticism, they can no longer be vilified or their families subject to the most horrendous abuse." While there is no place for verbally violent, threatening or disturbing language, what can be defined as vilification versus illegitimate criticism is harder to judge... Friendly reminder: Slashdot continues to allow users to post comments and stories anonymously as an "Anonymous Coward." This is something that's been criticized since its inception, but it's something we think is important and plan to continue for the foreseeable future.

An anonymous reader quotes a report from Motherboard: A newly obtained document written by the FBI lays out in unusually granular detail how it and other law enforcement agencies can obtain location information of phones from telecommunication companies. Ryan Shapiro, executive director of nonprofit organization Property of the People, shared the document with Motherboard after obtaining it through a public record act request. Property of the People focuses on obtaining and publishing government records. The document, a 139 page slide presentation dated 2019, is written by the FBI's Cellular Analysis Survey Team (CAST). CAST supports the FBI as well as state, local, and tribal law enforcement investigations through the analysis of call data and tower information, the presentation adds. That can include obtaining the data from telecommunications companies in the first place; analyzing tower dumps that can show which phones were in an approximate location at a given time; providing expert witness testimony; and performing drive tests to verify the actual coverage of a cell tower.

"When necessary, CAST will utilize industry standard survey gear drive test equipment to determine the true geographical coverage breadth of a cell site sector," the presentation reads. The presentation highlights the legal process required to obtain information from a telecommunications company, such as a court order or search warrant. The LinkedIn profile of one CAST member Motherboard found says they have a "special emphasis in historical cell site analysis which is typically used for locating phones (and the individuals attached to those phones) for cases such as kidnappings, homicides, missing persons, and robberies." CAST provides its own cell phone data visualization tool to law enforcement officials around the country called CASTViz for free. "CASTViz has the ability to quickly plot call detail records and tower data for lead generation and investigative purposes," the presentation reads. The document includes images of and instructions for the CASTViz software itself.

The document also explains how data requests from Mobile Virtual Network Operators (MVNOs) such as Boost Mobile are handled, explains how to obtain location data from what the FBI describes as "burner phones," and how to obtain information from OnStar, General Motors' in-vehicle system. The document also provides the cost of some of this data for law enforcement to request. The presentation provides more recent figures on how long telecoms retain data for. AT&T holds onto data such as call records, cell site, and tower dumps for 7 years. T-Mobile holds similar information for 2 years, and Verizon holds it for 1 year. The slide also shows that AT&T retains "cloud storage internet/web browsing" data for 1 year. Another section that provides an overview of the different engineering and location datasets held by telecoms and potentially available to law enforcement agencies tells officials to use some AT&T data "cautiously." "AT&T does not validate results," the presentation reads. That section also mentioned that Verizon has a "new" location tool that law enforcement agencies can use. Rich Young, a Verizon spokesperson, told Motherboard in an email that "This is a tool that our security team uses in response to lawful warrants and emergency requests. For example, this tool would be used in response to cases involving armed fugitives or missing children. As a common industry practice, the tool uses network-based cell site location information. All other major providers use a similar approach."

The New York Times describes a six-year grass roots effort to fund historic preservation and natural resource conservation in Montana — and how it collided with Rae Grulkowski, a 56-year-old businesswoman who had never before been involved in politics, and her very influential Facebook group: Ms. Grulkowski had just heard about a years-in-the-making effort to designate her corner of central Montana a national heritage area, celebrating its role in the story of the American West. A small pot of federal matching money was there for the taking, to help draw more visitors and preserve underfunded local tourist attractions.

Ms. Grulkowski set about blowing up that effort with everything she had.

She collected addresses from a list of voters and spent $1,300 sending a packet denouncing the proposed heritage area to 1,498 farmers and ranchers. She told them the designation would forbid landowners to build sheds, drill wells or use fertilizers and pesticides. It would alter water rights, give tourists access to private property, create a new taxation district and prohibit new septic systems and burials on private land, she said.

None of this was true.

Yet it soon became accepted as truth by enough people to persuade Montana's leading Republican figures and conservative organizations, including the farm bureau, Gov. Greg Gianforte and Senator Steve Daines, to oppose the proposal and enact a state law forbidding the federal government to create any heritage area in Montana.

It is a ban that the state has no authority to enforce.
Some comments on the episode (via the New York Times):

• Ellen Sievert, retired historic preservation officer for Cascade County:
  "We've run into the uneducable. I don't know how we get through that."

• Bob Kelly, the mayor of Great Falls:
  "Misinformation is the new playbook. You don't like something? Create alternative facts and figures as a way to undermine reality." (In fact, it's now become an issue in the mayor's race.)

The episode was especially distressing for Richard Ecke, who spent 38 years at the town's local newspaper until being laid off in 2016 — and is also vice chairman of the proposed heritage area's board. The Times reports that "In the paper's place, information and misinformation about the heritage area spread on Facebook and in local outlets that parroted Ms. Grulkowski."

And meanwhile, "Ms. Grulkowski now has ambitions beyond Montana. She wants to push Congress not to renew heritage areas that already exist." [There are 55 of them, in 34 different states.]

Finally the Times interviewed Ed Bandel, who'd led the Montana Farm Bureau's opposition to the Montana heritage area. When asked for his supporting evidence, "Mr. Bandel said he trusted Ms. Grulkowski."

And when asked about the argument that it in fact posed no threat to property rights, Bandel remained unconvinced. "They say, 'Don't worry, we're going to do it right. Don't worry, we'll take care of you. I think Adolf Hitler said that, too, didn't he...?"

Tech billionaire Peter Thiel "believes that people should be more worried about 'surveillance AI' rather than artificial general intelligences," reports CNBC: The venture capitalist, who co-founded big data firm Palantir, said at an event in Miami on Wednesday that on the path to AGI, you get surveillance AI, which he described as a "communist totalitarian technology." Those that are worried about AGI aren't actually "paying attention to the thing that really matters," Thiel said, adding that governments will use AI-powered facial recognition technology to control people.

His comments come three years after Bloomberg reported that "Palantir knows everything about you." Thiel has also invested in facial recognition company Clearview AI and surveillance start-up Anduril. Palantir, which has a market value of $48 billion, has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers reportedly include the CIA, FBI, and the U.S. Army....

Thiel, a well-known libertarian who also co-founded PayPal and holds a board seat at Facebook, said Silicon Valley isn't talking about AGI as much today as it was six or seven years ago... In the same talk, Thiel pitted AI against cryptocurrencies, saying that he'd prefer to see the latter one succeed. "If we say crypto is libertarian and that it is fundamentally a force for decentralization, then I think we should also be willing to say that AI, especially in the low-tech surveillance form, is essentially communist."

"If you want to frame it as a technological race ... I want the crypto decentralized world to work," he said.

America's Federal Bureau of Investigation "refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer," reports the Washington Post, "even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials." The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs. But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.

The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials... The FBI finally shared the key with Kaseya, the IT company whose software was infected with malware, on July 21 — 19 days after it was hit. Kaseya asked New Zealand-based security firm Emsisoft to create a fresh decryption tool, which Kaseya released the following day. By then, it was too late for some victims...

On Tuesday, FBI Director Christopher A. Wray, testifying before Congress, indicated the delay stemmed in part from working jointly with allies and other agencies. "We make the decisions as a group, not unilaterally," he said, noting that he had to constrain his remarks because the investigation was ongoing... He also suggested that "testing and validating" the decryption key contributed to the delay. "There's a lot of engineering that's required to develop a tool" that can be used by victims, he said at a Senate Homeland Security Committee hearing.

Emsisoft, however, was able to act quickly. It extracted the key from what the FBI provided Kaseya, created a new decryptor and tested it — all within 10 minutes, according to Fabian Wosar, Emsisoft chief technology officer. The process was speedy because the firm was familiar with REvil's ransomware. "If we had to go from scratch," Wosar said, "it would have taken about four hours."

"Facebook has filed a lawsuit on Friday against a Ukrainian national for allegedly scraping its website and selling the personal data of more than 178 million users on an underground cybercrime forum," reports the Record. According to court documents filed Friday, the man was identified as Alexander Alexandrovich Solonchenko, a resident of Kirovograd, Ukraine. Facebook alleges that Solonchenko abused a feature part of the Facebook Messenger service called Contact Importer. The feature allowed users to synchronize their phone address books and see which contacts had a Facebook account in order to allow users to reach out to their friends via Facebook Messenger. Between January 2018 and September 2019, Facebook said that Solonchenko used an automated tool to pose as Android devices in order to feed Facebook servers with millions of random phone numbers. As Facebook servers returned information for which phone numbers had an account on the site, Solonchenko collected the data, which he later collected and offered for sale on December 1, 2020, in a post on RaidForums, a notorious cybercrime forum and marketplace for stolen data.
The article also notes that Facebook's court documents say Solonchenko scraped data from some of the largest companies in the Ukraine, including its largest commercial bank and largest private delivery service.

And the Record points out that he's not the only person known to have this hole to scrape Facebook's user data and then sell it on the forum.) Days after another incident in April involving 533 leaked phone numbers of Facebook user, Facebook "revealed that it retired the Messenger Contact Importer feature back in September 2019 after it discovered Solonchenko and other threat actors abusing it."

Big data "has big designs on a big cloud," reports NBC News: A steady drumbeat from some of the most influential executives in the technology industry has emerged in recent months to push the idea that the U.S. government should invest in a "national research cloud" — a hub for U.S. research into artificial intelligence where researchers from academia and smaller tech companies could share data sets and other resources.

It's an idea that has been backed by a government commission led by ex-Google CEO Eric Schmidt and including executives from Amazon, Microsoft and Oracle, which recommended that the Biden administration create a hub for U.S. research into artificial intelligence. The White House has warmed up to the idea, ordering another report on it due next year with an eye toward competing with China on the development of artificial intelligence. "We should be able to stay ahead of China. We estimated that we are one to two years ahead of China, broadly speaking, in this area. I hope that's true," Schmidt said in an interview with NBC News. "Investments that are targeted in research — new algorithms — should be able to keep us ahead," he said.

The stakes could be enormous. Some experts in artificial intelligence believe it has the potential to transform the economy — automating some jobs, while creating new ones — and the potential military applications have spurred investment by the Pentagon.

But this month, the idea began getting fresh pushback. Research groups including New York University's AI Now Institute and Data & Society, a nonprofit technology research group based in New York, say the very tech companies pushing this idea stand to profit from it, because the national hub would likely be housed in the same companies' commercial cloud computing services. They say that's a conflict, and little more than a cash grab by what's effectively the next generation of military contractors. The plan also could entrench the very same tech companies that President Joe Biden's antitrust enforcers are working to rein in, these critics say.

76-year-old John Gilmore co-founded the EFF in 1990, and in the 31 years since he's "provided leadership and guidance on many of the most important digital rights issues we advocate for today," the EFF said in a statement Friday.

"But in recent years, we have not seen eye-to-eye on how to best communicate and work together," they add, announcing "we have been unable to agree on a way forward with Gilmore in a governance role." That is why the EFF Board of Directors has recently made the difficult decision to vote to remove Gilmore from the Board.

We are deeply grateful for the many years Gilmore gave to EFF as a leader and advocate, and the Board has elected him to the role of Board Member Emeritus moving forward. "I am so proud of the impact that EFF has had in retaining and expanding individual rights and freedoms as the world has adapted to major technological changes," Gilmore said. "My departure will leave a strong board and an even stronger staff who care deeply about these issues."

John Gilmore co-founded EFF in 1990 alongside John Perry Barlow, Steve Wozniak and Mitch Kapor, and provided significant financial support critical to the organization's survival and growth over many years. Since then, Gilmore has worked closely with EFF's staff, board, and lawyers on privacy, free speech, security, encryption, and more. In the 1990s, Gilmore found the government documents that confirmed the First Amendment problem with the government's export controls over encryption, and helped initiate the filing of Bernstein v DOJ, which resulted in a court ruling that software source code was speech protected by the First Amendment and the government's regulations preventing its publication were unconstitutional. The decision made it legal in 1999 for web browsers, websites, and software like PGP and Signal to use the encryption of their choice.

Gilmore also led EFF's effort to design and build the DES Cracker, which was regarded as a fundamental breakthrough in how we evaluate computer security and the public policies that control its use. At the time, the 1970s Data Encryption Standard (DES) was embedded in ATM machines and banking networks, as well as in popular software around the world. U.S. government officials proclaimed that DES was secure, while secretly being able to wiretap it themselves. The EFF DES Cracker publicly showed that DES was in fact so weak that it could be broken in one week with an investment of less than $350,000. This catalyzed the international creation and adoption of the much stronger Advanced Encryption Standard (AES), now widely used to secure information worldwide....

EFF has always valued and appreciated Gilmore's opinions, even when we disagree. It is no overstatement to say that EFF would not exist without him. We look forward to continuing to benefit from his institutional knowledge and guidance in his new role of Board Member Emeritus.
Gilmore also created the alt* hierarchy on Usenet, co-founded the Cypherpunks mailing list, and was one of the founders of Cygnus Solutions (according to his page on Wikipedia).

He's also apparently Slashdot user #35,813 (though he hasn't posted a comment since 2004).

"License plate readers are rapidly reshaping private security in American neighborhoods," reports the Washington Post, as aggressively-marketed $2,500-a-year "safety-as-a-service" packages "spread to cover practically everywhere anyone chooses to live in the United States" and "bringing police surveillance tools to the masses with an automated watchdog that records 24 hours a day." Flock Safety, the industry leader, says its systems have been installed in 1,400 cities across 40 states and now capture data from more than a billion cars and trucks every month. "This is not just for million-dollar homes," Flock's founder, Garrett Langley, said. "This is America at its core..."

Its solar-powered, motion-sensing camera can snap a dozen photos of a single plate in less than a second — even in the dark, in the rain, of a car driving 100 mph up to 75 feet away, as Flock's marketing materials say. Piped into a neighborhood's private Flock database, the photos are made available for the homeowners to search, filter or peruse. Machine-learning software categorizes each vehicle based on two dozen attributes, including its color, make and model; what state its plates came from; and whether it had bumper stickers or a roof rack. Each "vehicle fingerprint" is pinpointed on a map and tracked by how often it had been spotted in the past month. The plates are also run against law enforcement watch lists for abducted children, stolen cars, missing people and wanted fugitives; if there's a match, the system alerts the nearest police force with details on how to track it down...

Flock's customer base has roughly quadrupled since 2019, with police agencies and homeowners associations in more than 1,400 cities today, and the company has hired sales representatives in 30 states to court customers with promises of a safer, more-monitored life. Company officials have also attended town hall meetings and papered homeowners associations with glossy marketing materials declaring its system "the most user-friendly, least invasive way for communities to stop crime": a network of cameras "that see like a detective," "protect home values" and "automate [the] neighborhood watch ... while you sleep." Along the way, the Atlanta-based company has become an unlikely darling of American tech. The company said in July it had raised $150 million from prominent venture capital firms such as Andreessen Horowitz, which said Flock was pursuing "a massive opportunity in shaping the future...."

Flock deletes the footage every 30 days by default and encourages customers to search only when investigating crime. But the company otherwise lets customers set their own rules: In some neighborhoods, all the homeowners can access the images for themselves...

Camera opponents didn't want the neighborhood's leaders to anoint themselves gatekeepers, choosing who does and doesn't belong. And they worried that if someone's car was broken into, but no one knew exactly when, the system could lead to hundreds of drivers, virtually all of them innocent, coming under suspicion for the crime. They also worried about the consequences of the cameras getting it wrong. In San Francisco, police had handcuffed a woman at gunpoint in 2009 after a camera garbled her plate number; another family was similarly detained last year because a thief had swiped their tag before committing a crime. And last year in Aurora, 30 miles from Paradise Hills, police handcuffed a mother and her children at gunpoint after a license plate reader flagged their SUV as stolen. The actual stolen vehicle, a motorcycle, had the same plate number from another state. Police officials have said racial profiling did not play a role, though the drivers in all three cases were Black. (The license plate readers in these cases were not Flock devices, and the company said its systems would have shown more accurate results...)

The Paradise Hills opponents were right to be skeptical about a local crime wave. According to Jefferson County sheriff's records shared with The Post, the only crime reports written up since September 2020 included two damaged mailboxes, a fraudulent unemployment claim and some stuff stolen out of three parked cars, two of which had been left unlocked. "I wouldn't exactly say it's a hot spot," patrol commander Dan Aten told The Post...

The cameras clicked on in August, a board member said. In the weeks since, the neighborhood hasn't seen any reports of crime. The local sheriff's office said it hasn't used the Flock data to crack any cases, nor has it found the need to ask.
Flock's founder, Garrett Langley, nonetheless tells the Washington Post, "There are 17,000 cities in America.

"Until we have them all, we're not done."

"The BBC is reporting that Facebook has been fined a record £50 million by the UK's Competition and Markets Authority," writes long-time Slashdot reader Hope Thelps, "for deliberately failing to provide required information" (pertaining to Facebook's 2020 acquisition of Gif-sharing service Giphy).

The BBC reports: The £50m fine the CMA handed Facebook is more than 150 times higher than the previous record handed down for similar offences, at £325,000.

Speaking about its decision to fine the social media giant, the CMA said in a statement: "This is the first time a company has been found by the CMA to have breached an [order] by consciously refusing to report all the required information."

Giphy is widely used by Facebook's competitors to power animated Gif images used in social media apps, on mobile keyboards, and elsewhere online. That led to potential competition concerns. The CMA issued something called an "initial enforcement order", which limits how companies that are merging, but under investigation, operate. It is designed to keep the entities semi-separate and in competition with each other until the investigation is over. Facebook is obliged to provide updates and information to make clear how it is complying with the order.

"Given the multiple warnings it gave Facebook, the CMA considers that Facebook's failure to comply was deliberate," the CMA said.

That "fundamentally undermined its ability to prevent, monitor and put right any issues".

The fine for that offence is £50m. Separately, the CMA announced a £500,000 fine for Facebook changing its chief compliance officer — twice — "without seeking consent first".

Suppliers to Chinese telecoms giant Huawei and China's top chipmaker SMIC got billions of dollars worth of licenses from November through April to sell them goods and technology despite their being on a U.S. trade blacklist, documents released by Congress showed on Thursday. Reuters reports: According to the documents, first obtained by Reuters, 113 export licenses worth $61 billion were approved for suppliers to ship products to Huawei while another 188 licenses valued at nearly $42 billion were greenlighted for Semiconductor Manufacturing International Corp (SMIC). The data also showed that more than 9 out of 10 license applications were granted to SMIC suppliers while 69% of requests to ship to Huawei were approved over the same period.

[T]he Commerce Department said that the release of an "arbitrary snapshot" of license approvals "risks politicizing the licensing process and misrepresenting the national security determinations" made by the government. It also stressed that approved license applications do not represent actual shipments and around half of all licenses are used. It added that license applications involving Huawei and SMIC are processed under policies developed by the Trump administration and maintained by the Biden administration.

A former senior Commerce Department official in the Trump administration who declined to be named echoed the agency's view. "This very small period of license activity is not an accurate window into the Huawei and SMIC license process," he said, noting that the goal of preventing the companies from obtaining leading edge technology without unnecessarily harming U.S. exports of other goods had been successful. "This [document release] seems designed to mislead people and generate headlines," he added.

According to a survey from Reviews.org, Amazon's Alexa collects more data from users than any of the other digital assistants analyzed, which included the Google Assistant, Siri, Bixby, and Cortana. PCMag reports: All five services collect your name, phone number, device location, and IP address; the names and numbers of your contacts; your interaction history; and the apps you use. If you don't like that information being stored, you probably shouldn't use a voice assistant. In the survey, 60% of respondents were concerned about someone listening to their voice recordings, which is a real fear, since Google and Apple have both been caught doing just that. While Google Assistant and Siri now need your permission to record your interactions, the other options record you by default.

Which option is the most invasive? Analysis by Reviews.org found that Alexa collects 37 of the 48 possible data points, the most data out of any other. Samsung's Bixby collected 34 points of data, and Cortana collects 32 data points. Meanwhile, Siri collects just 30, and Google's smart assistant takes only 28, making them the least invasive. While 76% of Americans report that they use smart assistants, 61% are concerned that these programs and devices are always listening to them in the background. And people have had a hard time alleviating those fearsâ"only 45% of users have tried to disable their smart assistant, with 38% reporting they couldn't figure out how.

An anonymous reader shares a report: Over the last few years the justified fixation on the bad behavior of Google, Amazon, Facebook and other Silicon Valley giants has let the abuses of the telecom sector fly under the radar. But a new FTC report showcases how when it comes to consumer privacy, broadband providers are every bit as terrible as you thought they were. The new FTC report studied the privacy practices of six unnamed broadband ISPs and their advertising arms, and found that the companies routinely collect an ocean of consumer location, browsing, and behavioral data. They then share this data with dodgy middlemen via elaborate business arrangements that often aren't adequately disclosed to broadband consumers.

"Even though several of the ISPs promise not to sell consumers personal data, they allow it to be used, transferred, and monetized by others and hide disclosures about such practices in fine print of their privacy policies," the FTC report said. The FTC also found that while many ISPs provide consumers tools allowing them to opt out of granular data collection, those tools are cumbersome to use -- when they work at all. "Many of the ISPs also claim to offer consumers choices about how their data is used and allow them to access such data," the FTC said. "The FTC found, however, that many of these companies often make it difficult for consumers to exercise such choices and sometimes even nudge them to share even more information." ISPs often provide privacy-specific website portals proclaiming to provide users with a wide variety of opt out options but these choices are often "illusory," the FTC found.

EFF: The Utah Supreme Court is the latest stop in EFF's roving campaign to establish your Fifth Amendment right to refuse to provide your password to law enforcement. Yesterday, along with the ACLU, we filed an amicus brief in State v. Valdez, arguing that the constitutional privilege against self-incrimination prevents the police from forcing suspects to reveal the contents of their minds. That includes revealing a memorized passcode or directly entering the passcode to unlock a device.

In Valdez, the defendant was charged with kidnapping his ex-girlfriend after arranging a meeting under false pretenses. During his arrest, police found a cell phone in Valdez's pocket that they wanted to search for evidence that he set up the meeting, but Valdez refused to tell them the passcode. Unlike many other cases raising these issues, however, the police didn't bother seeking a court order to compel Valdez to reveal his passcode. Instead, during trial, the prosecution offered testimony and argument about his refusal. The defense argued that this violated the defendant's Fifth Amendment right to remain silent, which also prevents the state from commenting on his silence. The court of appeals agreed, and now the state has appealed to the Utah Supreme Court.

An anonymous reader shares a report from Reuters: The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Former partners and associates of the Russian-led criminal gang were responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil's direct victims include top meatpacker JBS. The crime group's "Happy Blog" website, which had been used to leak victim data and extort companies, is no longer available. Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.

VMWare head of cybersecurity strategy Tom Kellermann said law enforcement and intelligence personnel stopped the group from victimizing additional companies. "The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups," said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. "REvil was top of the list." [...] U.S. government attempts to stop REvil, one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world, accelerated after the group compromised U.S. software management company Kaseya in July. That breach opened access to hundreds of Kaseya's customers all at once, leading to numerous emergency cyber incident response calls. Following the attack on Kaseya, the FBI obtained a universal decryption key that allowed those infected via Kaseya to recover their files without paying a ransom. But law enforcement officials initially withheld the key for weeks as it quietly pursued REvil's staff, the FBI later acknowledged. According to three people familiar with the matter, law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of at least some of their servers.

After websites that the hacker group used to conduct business went offline in July, the main spokesman for the group, who calls himself "Unknown," vanished from the internet. When gang member 0_neday and others restored those websites from a backup last month, he unknowingly restarted some internal systems that were already controlled by law enforcement. "The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them." Reliable backups are one of the most important defenses against ransomware attacks, but they must be kept unconnected from the main networks or they too can be encrypted by extortionists such as REvil.

An anonymous reader quotes a report from CNBC: Responding to a growing controversy over investing practices, the Federal Reserve announced Thursday a wide-ranging ban on officials owning individual stocks and bonds and limits on other activities as well. The ban includes top policymakers such as those who sit on the Federal Open Market Committee, along with senior staff. Future investments will have to be confined to diversified assets such as mutual funds.

Fed officials can no longer have holdings in shares of particular companies, nor can they invest in individual bonds, hold agency securities or derivative contracts. The new rules replace existing regulations that, while somewhat restrictive, still allowed officials such as regional presidents to buy and sell stocks. "These tough new rules raise the bar high in order to assure the public we serve that all of our senior officials maintain a single-minded focus on the public mission of the Federal Reserve," Fed Chairman Jerome Powell said in a statement.

Under the new rules, the officials will have to provide 45 days' notice in advance of buying or selling any securities that are still allowed. They also will be required to hold the securities for at least a year, and they cannot buy or sell funds during "heightened financial market stress," a news release announcing the moves said. "I'm hopeful that swift action will allow us to put this behind us and get us back focused on the job ahead," Atlanta Fed President Raphael Bostic told CNBC during a "Closing Bell" interview.

Sony has been granted a patent that would allow livestream spectators and participants to remove players from a game. "Besides removing unskilled players, the system would allow spectators to pay for the privilege of removing players," reports Kotaku. From the report: In the patent document, Sony outlined a system in which spectators to a livestream can vote to remove a player from an ongoing game. The player would have no veto power over this decision, and they may be reassigned to a different match. The system would display the skill level of the current players and their statistics for the game, such as time played, ratings, and achievements. All of this would take place through "the cloud gaming system," whatever that means.

To avoid audience abuse of this system, a 60% voting threshold needs to be met in order to bench a player from a game. Spectators with a higher skill level will also have their votes counted more heavily in the election. Despite Sony claiming that this system would be beneficial for removing disrespectful "griefers" from matches, the patent also includes the ability for spectators to pay a fixed price or bid for the ability to remove players from a game. The text also mentions a system in which spectators can warn active players to improve their gameplay. Damn.

An anonymous reader quotes a report from Motherboard: Japanese police on Monday arrested a 43-year-old man for using artificial intelligence to effectively unblur pixelated porn videos, in the first criminal case in the country involving the exploitative use of the powerful technology. Masayuki Nakamoto, who runs his own website in the southern prefecture of Hyogo, lifted images of porn stars from Japanese adult videos and doctored them with the same method used to create realistic face swaps in deepfake videos. But instead of changing faces, Nakamoto used machine learning software to reconstruct the blurred parts of the video based on a large set of uncensored nudes and sold the content online. Penises and vaginas are pixelated in Japanese porn because an obscenity law forbids the explicit depictions of genitalia.

Nakamoto reportedly made about $96,000 by selling over 10,000 manipulated videos, though he was arrested specifically for selling 10 fake photos at about $20 each. Nakamoto pleaded guilty to charges of copyright violation and displaying obscene images and said he did it for money, according to NHK. He was caught when police conducted a "cyber patrol," the Japanese broadcaster reported. "This is the first case in Japan where police have caught an AI user," Daisuke Sueyoshi, a lawyer who's tried cybercrime cases, told VICE World News. "At the moment, there's no law criminalizing the use of AI to make such images." For example, Nakamoto was not charged with any offenses for violating the privacy of the actors in the videos.

The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. From a report: Under this new policy, foreign investors can only own up to 50% of China-based VPN companies. This allows China to retain state control over local and approved products while still offering a significant incentive for investment. Apart from VPNs, the policy update also includes changes in the investment caps on information services for app stores, internet connection services, and more. This comes as somewhat of a surprise for a country that has been fighting foreign VPNs for years now, hindering their presence in China and imposing fines and other penalties to users who ignored the banning orders.