Government

Japan To Create Scheme To Subsidize Domestic Chip Output (reuters.com) 24

Japan will create a scheme to subsidize construction of domestic chip factories with a new plant planned by Taiwan's TSMC likely to be the first recipient, the Nikkei newspaper reported on Monday. Reuters reports: The government will set aside several hundred billion yen under this year's supplementary budget to create a pool of funds at NEDO, a state-run body promoting research and development on energy and industrial technology, the paper said. Companies will be eligible for the subsidies on condition they ramp up chip production in times of short supply, the Nikkei said without citing sources.

The government is likely to subsidise up to half of TSMC's estimated 1-trillion-yen ($8.82 billion) investment for building a chip plant in Kumamoto, southern Japan, the Nikkei said. The plant in Kumamoto, southern Japan, is expected to produce semiconductors for automobiles, camera image sensors and other products which have been hit by a global chip shortage, and is likely to start operations by 2024, the paper said.

Crime

Truckload of GPUs Stolen On Their Way Out of San Francisco (theregister.com) 76

An anonymous reader quotes a report from The Register: US-based Nvidia partner EVGA has reported that a shipment of GPUs it was sending to a distribution centre has been stolen from a truck. A forum post by EVGA product manager Jacob Freeman states "PLEASE TAKE NOTICE that on October 29, 2021, a shipment of EVGA GeForce RTX 30-Series Graphics Cards was stolen from a truck en route from San Francisco to our Southern California distribution center."

"These graphics cards are in high demand and each has an estimated retail value starting at $329.99 up to $1959.99 MSRP." Which probably explains the motivation for the crime -- either someone hopes to resell them or a crypto-miner has just built a cut-price rig. Freeman's post doesn't say how many GPUs were stolen, or if the truck was carrying anything else. He did, however, warn that buying stolen property is a crime, as is "concealing selling or withholding" purloined goods. He then appears to lay a trap of sorts by pointing out that attempts to register products that aren't stolen will succeed on this page which requires registration. Crooks are probably smart enough to use fake details when registering. Are they also smart enough to use a VPN and/or Tor to hide their tracks? EVGA has created the email address stopRTX30theft@evga.com in an attempt to find the culprits.

Privacy

Microsoft Will Now Snitch On You At Work Like Never Before (zdnet.com) 143

schwit1 writes: Microsoft is preparing a couple of little updates that may curb employee rulebreaking enthusiasm. Yes, this news again comes courtesy of Microsoft's roadmap service, where Redmond prepares you for the joys to come. This time, there are a couple of joys. The first is headlined: "Microsoft 365 compliance center: Insider risk management -- Increased visibility on browsers." It all sounded wonderful until you read those last four words, didn't it? For this is the roadmap for administrators. And when you give a kindly administrator "increased visibility on browsers," you can feel sure this means an elevated level of surveillance of what employees are typing into those browsers.

United States

US Charges Ukrainian, Russian, Over Cyberattack, Seizes $6 Million in Ransom Payments (reuters.com) 13

The U.S. Justice Department has charged a suspect from Ukraine and a Russian national over a July ransomware attack on an American company, according to indictments made in court filings on Monday, and has seized $6 million in ransom payments. From a report: The latest U.S. actions follow a slew of measures taken to combat ransomware that earlier this year hit big companies, including Colonial Pipeline, the largest fuel pipeline in the United States, and crippled fuel delivery for several days in the U.S. Southeast. Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, will face U.S. charges for deploying ransomware known as REvil, which has been used in hacks that have cost U.S. firms millions of dollars, the court filing showed. REvil gained notoriety as the Russian group behind the ransomware attack against meatpacker JBS SA.

Security

CNN: Foreign Hackers Breached Nine Organizations to Steal 'Key Data' from 'Sensitive Targets' (cnn.com) 28

"Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors," reports CNN, citing their exclusive glimpse at findings from security firm Palo Alto Networks.

At least one of the breached organizations is in the U.S., they add, and in cooperation with America's National Security Agency (or NSA), security researchers "are exposing an ongoing effort by these unidentified hackers to steal key data from U.S. defense contractors and other sensitive targets." It's the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers' tools in the process... [T]he hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.

Olson said that the nine confirmed victims are the "tip of the spear" of the apparent spying campaign, and that he expects more victims to emerge. It's unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers' tactics and tools overlap with those used by a suspected Chinese hacking group... Cybersecurity firm Mandiant earlier this year revealed that China-linked hackers had been exploiting a different software vulnerability to breach defense, financial and public sector organizations in the US and Europe....

In the activity revealed by Palo Alto Networks, the attackers are exploiting a vulnerability in software that corporations use to manage their network passwords. CISA and the FBI warned the public in September that hackers were exploiting the software flaw and urged organizations to update their systems. Days later, the hackers tracked by Palo Alto Networks scanned 370 computer servers running the software in the US alone, and then began to exploit the software. Olson encouraged organizations that use the Zoho software to update their systems and search for signs of a breach.

Federal officials told CNN the revelation of the hacking activity is evidence of their close work with cybersecurity firms to stay on top of threats.

Facebook

Facebook Denies Report It Gave Kazakhstan's Government Special Direct Access to Its Content Reporting System (msn.com) 41

UPDATED: Earlier this week ZDNet reported that Facebook's parent company Meta "has granted the Kazakhstan government direct access to its content reporting system" as part of a joint agreement to work on removing content that is deemed harmful on social network platforms like Facebook and Instagram, with the agreement focusing on protecting children.

But the Washington Post clarified tonight that in fact Kazakhstan's statement "was apparently released independent of Facebook." Meta spokesman Ben McConaghy said in an email that the company has "a dedicated online channel for governments around the world to report content to us that they believe violates local law."

"We follow a consistent global process to assess individual requests — independent from any government — in line with Facebook's policies, local laws and international human rights standards," he added. "This process is the same in Kazakhstan as it is for other countries around the world."

Here's ZDNet's original report: In a joint statement, the Ministry of Information and Social Development of the Republic of Kazakhstan and the social media giant said the agreement, which is the first of its kind in Central Asia, would help increase the efficiency and effectiveness to counter the spread of illegal content. Giving the Kazakhstan government access to its content reporting system will allow the government to report content that may violate Facebook's global content policy and local content laws in Kazakhstan, Facebook said. Under the agreement, both parties will also set up regular communication, including having an authorised representative from Facebook's regional office work with the Ministry on various policy issues.

"Facebook is delighted to work with the government of Kazakhstan together, particularly in the aspect of online safety for children," Facebook regional public policy director George Chen said in a statement.

AI

Former Google CEO and Henry Kissinger: Manage 'Age of AI's Epoch-Making Transformations' (time.com) 50

"At the age of 98, former Secretary of State Henry Kissinger has a whole new area of interest: artificial intelligence," reports Time magazine: He became intrigued after being persuaded by Eric Schmidt, who was then the executive chairman of Google, to attend a lecture on the topic while at the Bilderberg conference in 2016. The two have teamed up with the dean of the MIT Schwarzman College of Computing, Daniel Huttenlocher, to write a bracing new book, The Age of AI, about the implications of the rapid rise and deployment of artificial intelligence, which they say "augurs a revolution in human affairs." The book argues that artificial intelligence processes have become so powerful, so seamlessly enmeshed in human affairs, and so unpredictable, that without some forethought and management, the kind of "epoch-making transformations" they will deliver may send human history in a dangerous direction...

Schmidt: The visit to Google got him thinking. And when we started talking about this, Dr. Kissinger said that he is very worried about the impact that this collection of technologies will have on humans and their existence, and that the technologists are operating without the benefit of understanding their impact or history. And that, I think, is absolutely correct...

Kissinger: [T]he technologists are showing us how to relate reason to artificial intelligence. It's a different kind of knowledge in some respects, because with reason — the world in which I grew up — each evidence supports the other. With artificial intelligence, the astounding thing is, you come up with a conclusion which is correct. But you don't know why. That's a totally new challenge. And so in some ways, what they have invented is dangerous. But it advances our culture. Would we be better off if it had never been invented? I don't know that. But now that it exists, we have to understand it. And it cannot be eliminated. Too much of our life is already consumed by it....

Up to now humanity assumed that its technological progress was beneficial or manageable. We are saying that it can be hugely beneficial. It may be manageable, but there are aspects to the managing part of it that we haven't studied at all or sufficiently. I remain worried. I'm opposed to saying we therefore have to eliminate it. It's there now. One of the major points is that we think there should be created some philosophy to guide the research.

Time: Who would you suggest would make that philosophy? What's the next step?

Kissinger: We need a number of little groups that ask questions. When I was a graduate student, nuclear weapons were new. And at that time, a number of concerned professors at Harvard, MIT and Caltech met most Saturday afternoons to ask, What is the answer? How do we deal with it? And they came up with the arms-control idea.

Schmidt: We need a similar process. It won't be one place, it will be a set of such initiatives. One of my hopes is to help organize those post-book, if we get a good reception to the book.

I think that the first thing is that this stuff is too powerful to be done by tech alone. It's also unlikely that it will just get regulated correctly. So you have to build a philosophy. I can't say it as well as Dr. Kissinger, but you need a philosophical framework, a set of understandings of where the limits of this technology should go. In my experience in science, the only way that happens is when you get the scientists and the policy people together in some form. This is true in biology; it is true in recombinant DNA and so forth.

Government

America's FAA Issues Warning Over Concerns 5G Might Interfere with Aviation Altimeters (avweb.com) 79

Long-time Slashdot reader SonicSpike quotes the aviation news site AVweb's report on a "Special Airworthiness Information Bulletin" and "Airworthiness Directive" being issued by America's aircraft-regulating Federal Aviation Administration "concerning the rollout of 5G cellular phone service in 46 major metropolitan areas of the U.S." (reportedly happening on December 5th). The actions are expected to limit the use of automated systems on aircraft that rely on radar altimeters (also called radio altimeters) and it's possible that flight delays and cancellations will result. Reuters also quoted a letter from FAA Deputy Administrator Bradley Mims that says the agency shares "the deep concern about the potential impact to aviation safety resulting from interference to radar altimeter performance from 5G network operations in the C band."

In an auction of radio spectrum last year, the major telecoms paid a total of $78 billion in an FCC auction to get access to a thin slice of the finite range of available radio frequencies to carry 5G signals. Those signals will be in the 3.7 to 3.98 GHz part of the so-called C-Band, which is apparently the sweet spot for carrying the data-heavy 5G signals. Radar altimeters operate in the 4.2-4.4 GHz frequency range (their sweet spot) and the fear is that the nearby powerful cell signals will cause interference for the avionics. The FCC approved the use of the spectrum for 5G saying "well-designed [radio altimeter] equipment should not ordinarily receive any significant interference (let alone harmful interference)."

But aviation groups say the risk for thousands of aircraft is real and the FAA seems to agree.

Privacy

Should Police Be Allowed to Demand Your Cellphone's Passcode? (cbs12.com) 290

Slashdot reader FlatEric521 tipped us off to an interesting story (from the News Service of Florida): When police responded in 2018 to a call about a shattered window at a home in Orange County, they found a black Samsung smartphone near the broken window. A woman in the home identified the phone as belonging to an ex-boyfriend, Johnathan David Garcia, who was later charged with crimes including aggravated stalking.

But more than three years after the shattered window, the Florida Supreme Court is poised to hear arguments in the case and consider a decidedly 21st Century question: Should authorities be able to force Garcia to give them his passcode to the phone?

Attorney General Ashley Moody's office appealed to the Supreme Court last year after the 5th District Court of Appeal ruled that requiring Garcia to turn over the passcode would violate his constitutional right against being forced to provide self-incriminating information... The case has drawn briefs from civil-liberties and defense-attorney groups, who contend that Garcia's rights under the U.S. Constitution's 5th Amendment would be threatened if he is required to provide the passcode.

But Moody's office in a March brief warned of trouble for law enforcement if the Supreme Court sides with Garcia in an era when seemingly everybody has a cell phone. Police obtained a warrant to search Garcia's phone but could not do so without a passcode. "Modern encryption has shifted the balance between criminals and law enforcement in favor of crime by allowing criminals to hide evidence in areas the state physically cannot access," the brief said.

EU

As Debate Drags on In Europe, the Fate of Daylight Saving Time Remains In Limbo (go.com) 89

Why didn't the European Union drop its annual observation of Daylight Saving Time? ABC News reports: [I]n 2018, the European Parliament voted to end the practice after a poll of 4.8 million Europeans showed overwhelming support for scrapping it. Critics of the ritual have pointed to scientific studies showing the negative physical and psychological effects of switching back and forth to mark daylight saving time. "The time change will be abolished," the European Commission's then-president, Jean-Claude Juncker, told German public broadcaster ZDF in 2018. "People do not want to keep changing their watches."

Although the decision was supposed to take effect in 2021, the coronavirus pandemic has delayed its implementation, pushing it to the bottom of the political agenda for many countries. The fate of daylight saving time in Europe remains unclear.

Member states of the European Union are also struggling to agree on which time to adopt.

"We agree on the time change, but we are stuck on whether to stay on summer or winter time," Karima Delli, a French member of the European Parliament, told French broadcaster BFM TV in 2019. "We have a real problem." While Germany is calling for summer time, Greece and Portugal want to keep switching between the two. Forcing all member states to implement the same time would be complicated, as some would get less daylight than others. So the European Commission, tasked with executing the decision from Parliament, has asked countries to align with their neighbors. But even that would be tricky.

For instance, since the U.K.'s withdrawal from the European Union in 2020, the island nation is no longer concerned with the European Parliament's decision on daylight saving time. Yet neighboring Ireland, a European Union member state, will be impacted by a change to the current system, potentially complicating border crossings...

Only about 70 countries in the world still observe daylight saving time, but many are reconsidering it.

Government

70 Countries Set Their Clocks Back an Hour Tonight. But Why? (upi.com) 252

Tonight 70 countries around the world set their clocks back an hour — including most of the United States, Canada, the EU and the UK.

Yet "The practice has drawn complaints about its disruptive effects on sleep and schedules," reports UPI, adding that "The American Academy of Medicine has called for an end to Daylight Saving Time, citing growing research that shows its deleterious effects on health and safety." [U.S.] Lawmakers are also increasingly wondering whether Daylight Saving Time is a good idea. At least 350 bills and resolutions have been introduced in every state taking aim at Daylight Saving Time since 2015, according to the National Conference of State Legislatures. Over the last four years, 19 states have passed similar legislation providing year-round daylight saving time if Congress allowed such changes.

Members of Congress have introduced legislation making changes to Daylight Saving Time, to no avail.

U.S. Sen. Sheldon Whitehouse, (Democrat — Rhode Island), said in a video posted to Twitter on Friday that the upcoming switchover was one of his least favorite times of the year since it means darker afternoons. He touted his Sunshine Protection Act that would make Daylight Saving Time permanent.

"We can do a lot better for daylight for everyone who is up in the afternoon," he said.

Also supporting that change is Florida Republican Senator Marco Rubio. "We're about to once again do this annual craziness of changing the clock, falling back, springing forward," Newsweek quotes him as saying. "Let's go to permanent daylight saving time. The overwhelming majority of members of Congress approve and support it. Let's get it done. Let's get it passed so that we never have to do this stupid change again."

But currently in America it's the Department of Transportation which is in charge of the practice, reports USA Today, and the Department believes that the practice saves energy, prevents traffic accidents and curbs crime.

So, as the Washington Post reports, "It's that time of the year again. We change the clocks back and we whine about it."

DRM

FSF Celebrates New Copyright Exemptions, But Renews Call For Repealing all DRM Laws (fsf.org) 34

After the U.S. Copyright Office's once-every-three-years review of allowed exemptions, "We have some good news to share...." reads a new announcement this week from the Free Software Foundation: The FSF was one of several activist organizations pushing for exemptions to the anticircumvention rules under the Digital Millennium Copyright Act (DMCA) that make breaking Digital Restrictions Management (DRM) illegal, even for ethical and legitimate purposes. We helped bring public awareness to a process that is too often only a conversation between lawyers and bureaucrats.

As of late last week, there are now multiple new exemptions that will help ease some of the acute abuse DRM inflicts on users.

However, the main lesson to be learned here is that we should and must keep pushing. Individual, specific exemptions are not enough. The entire anticircumvention law needs to be repealed. We want to thank the 230 individuals who co-signed their names to our comments supporting exemptions across the board. We should take this as a sign that even though it can be difficult, anti-DRM activism yields practical results.

Section 1201 is one of the most nefarious sections of the DMCA. The provisions contained in 1201 impose legal penalties against anyone trying to circumvent the DRM on their software and devices or, in other words, anyone who tries to control that software or device themselves instead of leaving it up to its corporate overlords.... It takes the hard work of hundreds to secure the anticircumvention use exemptions we already have, and even more work to eke out a few more. Yet thanks to the support of citizens, activists, and researchers around the world, the U.S. Copyright Office has approved a few more, while at the same time demonstrating the DMCA's serious flaws.

In coverage of the new round of anticircumvention exemptions we've seen so far, something that stands out is the U.S. Copyright Office's approval for blind users to break the digital restrictions preventing any ebooks from being processed through a screen reader. At least at first glance, it looks like a big win for all of us concerned with user freedom, but a closer look shows something more sinister, as the U.S. Copyright Office refused to make this exemption permanent. The message this sends to all user freedom activists, but especially the visually impaired among us, is: "we're giving you this now because it would seem inhumane otherwise, but we hope that you'll forget to fight for it later so we can allow corporations to keep on restricting you...."

[P]articipating organizations have been able to make progress on other important exemptions, whether that's the right to install free software on wireless routers or the right to repair dedicated devices like game consoles. It's the coalescing of groups like these that is "chipping away" at Section 1201. At the same time, it's telling that we're forced to fight tooth and nail for the meager exemptions we're granted, even with such a broad base of support. The corporations who have a vested interest in the DMCA and Congress itself are content with the status quo, but we shouldn't be content with patches on a broken system. Incremental progress against Section 1201 is of course a good thing, but we shouldn't lose sight of our goal as user freedom activists: a complete repeal of Section 1201, and all other laws that codify or mandate DRM.

The Defective by Design campaign takes a radical stance when it comes to DRM and the laws that support it. We believe that they should not exist at all, under any circumstance, and we need your help to support this mission....

Businesses

Peloton Joins Companies Blaming Lower Earnings on Apple's Tracking Restrictions (gizmodo.com) 74

Peloton, the makers of an internet-connected exercise bike, saw their stock price drop 35% overnight on Thursday, reports CNBC. "At least four Wall Street investment firms downgraded the stock following Peloton's dismal fiscal first-quarter financial report... Peloton's stock has fallen 63% year to date."

The company had cut its annual revenue forecast — by $1 billion — and lowered its projections for both profit margins and paying subscribers. Bloomberg reports: At best, Peloton currently expects to have 3.45 million connected fitness subscriptions by the end of the fiscal year. It had previously called for 3.63 million. And gross profit margin will be 32%, compared with an earlier forecast of 34%. All that will add up to a loss of as much as $475 million, excluding some items....

On a more upbeat note, the company hinted that it plans to launch new products in the coming weeks and months. Peloton has been working on a rowing machine and a heart-rate monitor that attaches to a wearer's arm, Bloomberg News has reported.

The article suggests Peloton's business was hurt by the end of lockdowns, supply-chain constraints, and the cost of freight. But they also point out another factor. "Like several other companies, Peloton also blamed Apple Inc.'s ad-related privacy changes, which have made it more difficult to target shoppers based on their interests." Apple's new Ad Tracking Transparency feature (or "ATT") now first asks users to deny or allow apps to track their activity for the targeted advertising which had apparently been boosting Peloton's business.

And tlhIngan (Slashdot reader #30,335) tipped us off to a larger trend, since Gizmodo reports that Peloton "isn't the only company that has pointed accusingly at Apple lately." When reporting its third quarter earnings at the end of October, Facebook (now called Meta) — which depends on targeted ads for almost 98% of its revenue — said that ATT had decreased the accuracy of its ad targeting. The feature also increased "the cost of driving outcomes" for advertisers, Facebook COO Sheryl Sandberg explained, and made it harder to measure those outcomes. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

On Sunday, the Financial Times reported that ATT had cost Snap, Facebook, Twitter, and YouTube an estimated $9.85 billion in lost revenue in the second half of this year. That's an 87% increase year over year.

Crime

A US/Foreign Government Operation Hijacked the Servers of a Major Ransomware Gang (msn.com) 24

The U.S. Department of Defense's internet-defending Cyber Command teamed with "a foreign government" in two operations which shut down a major overseas ransomware group by hijacking its servers, reports the Washington Post. Several U.S. officials told the Post the operation left the ransomware gang's leaders "too frightened of identification and arrest to stay in business." "Domains hijacked from REvil," wrote 0_neday, an REvil leader, on a Russian-language forum popular with cyber criminals, on October 17.... "The server was compromised," he wrote hours later, "and they are looking for me." And then: "Good luck everyone, I'm taking off."

Soon after, REvil ceased operations, such as recruitment of affiliates, ransom negotiations and distribution of malware.

The Washington Post previously reported that REvil's servers ["reachable only through Tor"] had been hacked in the summer, permitting the FBI to have access. The compromise allowed the FBI, working with the foreign partner, to gain access to the servers and private keys, officials said. The bureau was then able to share that information last month with the U.S. Cyber Command, enabling the hijacking, they said... Cyber Command leader, General Paul Nakasone, said at the Aspen Security Forum on Wednesday that while he wouldn't comment on specific operations, "we bring our best people together ... the really good thinkers" to brainstorm ways to "get after folks" conducting ransomware attacks and other malign activities. "I'm pleased with the progress we've made," he said, "and we've got a lot more to do."

The group's departure may be temporary. Ransomware gangs have been known to go underground, regroup and reappear, sometimes under a new name. But the recent development suggests that ransomware crews can be influenced — even temporarily — to cease operations if they fear they will be outed and arrested, analysts say. "The latest voluntary disappearance of REvil highlights the powerful psychological impact of having these villains believe that they are being hunted and that their identities will be revealed," said Dmitri Alperovitch, executive chairman of the think tank Silverado Policy Accelerator and a cyber expert. "U.S. and allied governments should proudly acknowledge these cyber operations and make it clear that no ransomware criminal will be safe from the long reach of their militaries and law enforcement agencies...."

Recorded Future threat intelligence analyst Dmitry Smilyanets believes "REvil as a brand is done."

And meanwhile, an anonymous Slashdot reader shares the news that German investigators "have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang," according to Threatpost. "He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang." The showy billionaire goes by "Nikolay K." on social media, and German police are hoping he'll cruise out of Russia on his next vacation — preferably, to a country with a cooperation agreement with Germany so they can arrest him. In case he decides to kick back somewhere other than sunny Crimea, they've got an arrest warrant waiting for him....

According to Reuters, which broke the news about last week's law enforcement move against the gang, REvil's also behind the Colonial Pipeline attack, as opposed to a culprit presumed to be a ransomware group named DarkSide.

United States

US Passes Massive Infrastructure Bill, Investing in Clean Energy, Electric Cars, and Broadband Internet (whitehouse.gov) 157

Late Friday night U.S. Congressmen passed a long-awaited Bipartisan Infrastructure bill. "The infrastructure package contains $550 billion in entirely new investments, including money for electric-car charging stations and zero-emission school buses," reports the Washington Post.

"The spending is mostly paid for — without raising taxes. The bulk of the funding comes from repurposing unspent coronavirus relief money and tightening enforcement on reporting gains from cryptocurrency investments."

An additional $65 billion will fund broadband Internet, with new statements on the White House web site hailing the bill as "a once-in-a-generation investment in our nation's infrastructure and competitiveness" and "the largest investment in public transit in U.S. history."

This Bipartisan Infrastructure Deal will rebuild America's roads, bridges and rails, expand access to clean drinking water, ensure every American has access to high-speed internet, tackle the climate crisis, advance environmental justice, and invest in communities that have too often been left behind. The legislation will help ease inflationary pressures and strengthen supply chains by making long overdue improvements for our nation's ports, airports, rail, and roads. It will drive the creation of good-paying union jobs and grow the economy sustainably and equitably so that everyone gets ahead for decades to come. Combined with the President's Build Back Framework, it will add on average 1.5 million jobs per year for the next 10 years.

Or, as U.S. president Biden said in his own statement, the newly-passed bill "will create millions of jobs, turn the climate crisis into an opportunity, and put us on a path to win the economic competition of the 21st Century."

To address the climate crisis, the legislation "will upgrade our power infrastructure, by building thousands of miles of new, resilient transmission lines to facilitate the expansion of renewables and clean energy, while lowering costs," according to the White House's statement. "And it will fund new programs to support the development, demonstration, and deployment of cutting-edge clean energy technologies to accelerate our transition to a zero-emission economy."

More specifics from the White House:
  • "Millions of Americans feel the effects of climate change each year when their roads wash out, power goes down, or schools get flooded. Last year alone, the United States faced 22 extreme weather and climate-related disaster events with losses exceeding $1 billion each — a cumulative price tag of nearly $100 billion.... The legislation makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber-attacks, with an investment of over $50 billion to protect against droughts, heat, floods and wildfires, in addition to a major investment in weatherization. The legislation is the largest investment in the resilience of physical and natural systems in American history."
  • "In thousands of rural and urban communities around the country, hundreds of thousands of former industrial and energy sites are now idle — sources of blight and pollution. Proximity to a Superfund site can lead to elevated levels of lead in children's blood. The bill will invest $21 billion to clean up Superfund and brownfield sites, reclaim abandoned mine land and cap orphaned oil and gas wells..."
  • "U.S. market share of plug-in EV sales is only one-third the size of the Chinese EV market. That needs to change. The legislation will invest $7.5 billion to build out a national network of EV chargers in the United States. This is a critical step in the President's strategy to fight the climate crisis and it will create good U.S. manufacturing jobs. The legislation will provide funding for deployment of EV chargers along highway corridors to facilitate long-distance travel and within communities to provide convenient charging where people live, work, and shop. This investment will support the President's goal of building a nationwide network of 500,000 EV chargers to accelerate the adoption of EVs, reduce emissions, improve air quality, and create good-paying jobs across the country."
  • "Broadband internet is necessary for Americans to do their jobs, to participate equally in school learning, health care, and to stay connected. Yet, by one definition, more than 30 million Americans live in areas where there is no broadband infrastructure that provides minimally acceptable speeds — a particular problem in rural communities throughout the country... The Bipartisan Infrastructure Deal will deliver $65 billion to help ensure that every American has access to reliable high-speed internet through a historic investment in broadband infrastructure deployment. The legislation will also help lower prices for internet service and help close the digital divide, so that more Americans can afford internet access...."

Businesses

'The Way My Boss Monitored Me At Home Was Creepy' (bbc.com) 91

An anonymous reader quotes a report from BBC: Electronic monitoring of home workers by companies is rising sharply, a survey suggests. The government is being urged to toughen the rules -- and ban most webcam use. "It was creepy," says Chris. "One of my managers was watching people's personal computers to monitor what we were doing at home -- all the time, not just when we were working. It was a bizarre way to carry on." When the first lockdown started, the firm that employed Chris -- a 31-year-old engineer from Sheffield -- sent most of its staff home. They were ordered to connect their private laptop and desktop computers to more powerful office machines so they could continue their high-tech operations. "We didn't mind," says Chris, "but I found loads of screens switched on one day when I came in to the office, and everybody's desktops were there, on display.

"One of the managers wasn't just looking at our work. He could see exactly what we were doing all the time -- what we were watching on YouTube, that kind of thing."

Chris, who changed companies after he found out one of his managers was monitoring his home activities, thinks "excessive" surveillance is counter-productive. "My productivity didn't go down when I started working from home," he says, "and when I knew what was happening it made me more nervous. A lot of the time in my job is spent designing things on paper, away from the screen, so that doesn't register if someone is simply looking at what's going on on my desktop. It probably looked to that guy like I was downstairs watching Netflix or something, but I wasn't. It's a very blunt, depersonalizing way of trying to ensure people behave in the way a company wants."

Security

US Offers $10 Million Bounty For DarkSide Ransomware Operators (securityweek.com) 19

wiredmikey shares a report from SecurityWeek: The U.S. government wants to find the people responsible for the Colonial Pipeline ransomware attack (and many others) and it's putting up multi-million rewards for data on the operators behind the DarkSide extortion campaign. The Department of State on Thursday offered up to $10 million for information leading to the identification or location of senior members of the DarkSide gang that caused major gas disruptions earlier this year. In addition, the U.S. State Department is offering a reward of up to $5 million for information leading to the arrest and/or conviction in any country "of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident." "In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals," it added. "The United States looks to nations who harbor ransomware criminals that are willing to bring justice for those victim businesses and organizations affected by ransomware."

Earth

US and 19 Other Countries Agree To Stop Funding Fossil Fuel Projects Abroad (gizmodo.com) 62

An anonymous reader quotes a report from Gizmodo, written by climate reporter Brian Kahn: In a major announcement at United Nations climate talks on Thursday, 20 countries said they would stop funding fossil fuel development abroad and instead plow money into clean energy. The group of countries includes finance heavy-hitters like the U.S., UK, and Canada as well as smaller players like Mali and Costa Rica. An analysis by Oil Change International indicates that the 20 countries plus four other investment institutions who signed on could shift $15 billion annually from funding fossil fuels to clean energy projects. "The signatories of today's statement are doing what's most logical in a climate emergency: stop adding fuel to the fire and shift dirty finance to climate action," Laurie van der Burg, the global public finance campaigns co-manager at Oil Change International, said in an emailed statement.

[T]he agreement doesn't pull funding from projects already in the pipeline (climate joke, please laugh). Between 2018 and 2020, Oil Change International also found, the G20 kicked an estimated $188 billion to fossil fuel projects in other countries. That's a lot of very recent extraction happening. The lack of financing abroad also doesn't mean a lack of financing at home. The U.S. and Canada, for example, are major oil and gas producers. Without a plan to wind down production at home, the pledge to end financing for fossil fuels abroad is a bit like promising you won't lend your neighbor money for cigarettes while you keep smoking a pack a day.

Some of the biggest smokers -- errr, fossil fuel funders -- on the block also didn't sign on. Those include Japan, Korea, and China, which are the biggest fossil fuel backers in the G20, according to Oil Change International. Together, they account for more than $29 billion in annual fossil fuel development abroad. That's a major lifeline for fossil fuel developers. We also still need more details on the pledge to end funding, including how exactly the 20 countries and banks define fossil fuel funding. Lastly, the world's private banks and investment firms also need to sign on.

The Courts

Blue Origin Loses Lawsuit Against NASA Over SpaceX Lunar Lander Contract (cnbc.com) 53

The U.S. Court of Federal Claims ruled against Jeff Bezos' Blue Origin in the company's lawsuit versus NASA over a lucrative astronaut lunar lander contract awarded to Elon Musk's SpaceX earlier this year. Federal judge Richard Hertling sided with the defense in his ruling, completing a months-long battle after Blue Origin sued NASA in August. From a report: Blue Origin, NASA, and SpaceX did not immediately respond to requests for comment on the ruling. NASA in April awarded SpaceX with the sole contract for the agency's Human Landing System program under a competitive process. Worth $2.9 billion, the SpaceX contract will see the company use its Starship rocket to deliver astronauts to the moon's surface for NASA's upcoming Artemis missions.

Privacy

All Those 23andMe Spit Tests Were Part of a Bigger Plan (bloomberg.com) 75

23andMe CEO Anne Wojcicki wants to make drugs using insights from millions of customer DNA samples, and doesn't think that should bother anyone. From a report: A few months ago, on the morning 23andMe Holding Co. was about to go public, Chief Executive Officer Anne Wojcicki received a framed sheet of paper she hadn't seen in 15 years. As she was preparing to ring in the Nasdaq bell remotely from the courtyard of her company's Silicon Valley headquarters, Patrick Chung, one of its earliest investors, presented her with the pitch document she'd shown him when she was first asking for money, reproduced on two pieces of paper so she could see both sides. The one-sheet outlined a radical transformation in the field of DNA testing. Wojcicki's plan back then was to turn genetics from the rarefied work of high-end labs into mainstream health and quasi entertainment products.

First she'd sell tastemakers on her mail-in spit kits as a way to learn sort-of-interesting things about their DNA makeup, such as its likely ancestral origins and the chance it would lead to certain health conditions. Eventually she'd be able to lower prices enough to make the kits broadly accessible, allowing 23andMe to build a database big enough to identify new links between diseases and particular genes. Later, this research would fuel the creation of drugs the company could tailor to different genetic profiles. 23andMe would become a new kind of health-care business, sitting somewhere between a Big Pharma lab, a Big Tech company, and a trusted neighborhood doctor.

Some of this still sounds as far off now as it did during the Bush years. Improbably, though, 23andMe has rounded second base and is heading for third. Wojcicki did sell millions of people on DNA test kits -- 11 million and counting -- and bring such tests to the mainstream, with some help from Oprah's holiday gift guide. An estimated 1 in 5 Americans have turned over their genetic material to 23andMe or one of its competitors. Now that she's got the data, Wojcicki is working on the drugs. Her company is collaborating on clinical trials for one compound (and nearing trials for another) that could be used for what's known as immuno-oncology, treatments that attempt to harness the body's complex immune system to beat cancer. 23andMe says it's also exploring drugs with potential use in treatments for neurological, cardiovascular, and other conditions, though it declined to specify them. Last month the company bought Lemonaid Health, a telehealth and drug delivery startup that offers treatment and prescriptions for a select group of conditions, including depression, anxiety, and STDs.

Facebook

Facebook Is Backing Away From Facial Recognition. Meta Isn't. (vox.com) 33

An anonymous reader quotes a report from Vox: Facebook says it will stop using facial recognition for photo-tagging. In a Monday blog post, Meta, the social network's new parent company, announced that the platform will delete the facial templates of more than a billion people and shut off its facial recognition software, which uses an algorithm to identify people in photos they upload to Facebook. This decision represents a major step for the movement against facial recognition, which experts and activists have warned is plagued with bias and privacy problems. But Meta's announcement comes with a couple of big caveats. While Meta says that facial recognition isn't a feature on Instagram and its Portal devices, the company's new commitment doesn't apply to its metaverse products, Meta spokesperson Jason Grosse told Recode. In fact, Meta is already exploring ways to incorporate biometrics into its emerging metaverse business, which aims to build a virtual, internet-based simulation where people can interact as avatars. Meta is also keeping DeepFace, the sophisticated algorithm that powers its photo-tagging facial recognition feature.

"We believe this technology has the potential to enable positive use cases in the future that maintain privacy, control, and transparency, and it's an approach we'll continue to explore as we consider how our future computing platforms and devices can best serve people's needs," Grosse told Recode. "For any potential future applications of technologies like this, we'll continue to be public about intended use, how people can have control over these systems and their personal data, and how we're living up to our responsible innovation framework."

Bitcoin

New NYC Mayor Eric Adams Wants the City To Have Its Own Cryptocurrency (vice.com) 59

An anonymous reader quotes a report from Motherboard: Former police officer, vegan, and mayor-elect of New York City Eric Adams has dreams of putting the Big Apple on the blockchain. In an interview with Bloomberg Radio on Wednesday, Adams bragged that he would finally transform the city into one hospitable to cryptocurrency. "We need to look at what's preventing the growth of bitcoins and cryptocurrency in our city," Adams told Bloomberg on Wednesday. He pointed to Miami, which has recently attempted to attract the cryptocurrency industry to the city, teasing a "friendly competition" on the horizon. "He has a MiamiCoin that is doing very well -- we're going to look in the direction to carry that out."

Adams has been promising to do this since he was a candidate last year, vowing to make the city a hub of all things crypto. "I'm going to promise you in one year, you're going to see a different city," he said at one event last June. "We're going to bring businesses here. We're going to become the center of life science, the center of cybersecurity, the center of self-driving cars and drones, the center of bitcoins, the center of all the technology." It's still not clear what that actually means or would entail. This may mean contending with the state's cryptocurrency regulations -- namely the Bitlicense. Introduced in 2015, the Bitlicense is a requirement for any entity that wants to carry out cryptocurrency-related transactions.

Businesses

Google Wants To Work with the Pentagon Again, Despite Employee Concerns (nytimes.com) 51

Three years after an employee revolt forced Google to abandon work on a Pentagon program that used artificial intelligence, the company is aggressively pursuing a major contract to provide its technology to the military. From a report: The company's plan to land the potentially lucrative contract, known as the Joint Warfighting Cloud Capability, could raise a furor among its outspoken work force and test the resolve of management to resist employee demands. In 2018, thousands of Google employees signed a letter protesting the company's involvement in Project Maven, a military program that uses artificial intelligence to interpret video images and could be used to refine the targeting of drone strikes. Google management caved and agreed to not renew the contract once it expired.

The outcry led Google to create guidelines for the ethical use of artificial intelligence, which prohibit the use of its technology for weapons or surveillance, and hastened a shake-up of its cloud computing business. Now, as Google positions cloud computing as a key part of its future, the bid for the new Pentagon contract could test the boundaries of those A.I. principles, which have set it apart from other tech giants that routinely seek military and intelligence work. The military's initiative, which aims to modernize the Pentagon's cloud technology and support the use of artificial intelligence to gain an advantage on the battlefield, is a replacement for a contract with Microsoft that was canceled this summer amid a lengthy legal battle with Amazon. Google did not compete against Microsoft for that contract after the uproar over Project Maven.

The Pentagon's restart of its cloud computing project has given Google a chance to jump back into the bidding, and the company has raced to prepare a proposal to present to Defense officials, according to four people familiar with the matter who were not authorized to speak publicly. In September, Google's cloud unit made it a priority, declaring an emergency "Code Yellow," an internal designation of importance that allowed the company to pull engineers off other assignments and focus them on the military project, two of those people said. On Tuesday, the Google cloud unit's chief executive, Thomas Kurian, met with Charles Q. Brown, Jr., the chief of staff of the Air Force, and other top Pentagon officials to make the case for his company, two people said. Google, in a written statement, said it is "firmly committed to serving our public sector customers" including the Defense Department, and that it "will evaluate any future bid opportunities accordingly."

Businesses

The Booming Underground Market for Bots That Steal Your 2FA Codes (vice.com) 91

The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts. From a report: The call came from PayPal's fraud prevention system. Someone had tried to use my PayPal account to spend $58.82, according to the automated voice on the line. PayPal needed to verify my identity to block the transfer. "In order to secure your account, please enter the code we have sent your mobile device now," the voice said. PayPal sometimes texts users a code in order to protect their account. After entering a string of six digits, the voice said, "Thank you, your account has been secured and this request has been blocked. Don't worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up," the voice said.

But this call was actually from a hacker. The fraudster used a type of bot that drastically streamlines the process for hackers to trick victims into giving up their multi-factor authentication codes or one-time passwords (OTPs) for all sorts of services, letting them log in or authorize cash transfers. Various bots target Apple Pay, PayPal, Amazon, Coinbase, and a wide range of specific banks. Whereas fooling victims into handing over a login or verification code previously would often involve the hacker directly conversing with the victim, perhaps pretending to be the victim's bank in a phone call, these increasingly traded bots dramatically lower the barrier to entry for bypassing multi-factor authentication.

Australia

Clearview AI Told It Broke Australia's Privacy Law, Ordered To Delete Data (techcrunch.com) 14

After Canada, now Australia has found that controversial facial recognition company, Clearview AI, broke national privacy laws when it covertly collected citizens' facial biometrics and incorporated them into its AI-powered identity matching service -- which it sells to law enforcement agencies and others. From a report: In a statement today, Australia's information commissioner and privacy commissioner, Angelene Falk, said Clearview AI's facial recognition tool breached the country's Privacy Act 1988 by:

  • Collecting Australians' sensitive information without consent
  • Collecting personal information by unfair means
  • Not taking reasonable steps to notify individuals of the collection of personal information
  • Not taking reasonable steps to ensure that personal information it disclosed was accurate, having regard to the purpose of disclosure
  • Not taking reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles.

The Courts

Kleiman v. Wright: $65 Billion Bitcoin Case Has Started (yahoo.com) 77

UnknowingFool writes: The civil trial of Ira Kleiman vs. Craig Wright started on Monday in Miami. The estate of David Kleiman is suing Craig Wright, the self-declared inventor of bitcoin, for 50% ownership of 1.1 million bitcoins. The estate claims Kleiman was in a partnership with Wright to mine the coins but after Kleiman died in April 2013, Wright denied any partnership. At over $60,000 per bitcoin, this case is currently worth $65 billion.

Craig Wright has previously claimed he is the inventor of Bitcoin, Satoshi Nakamoto, which has been met with skepticism based on his inability to show any proof. In this case, Wright has made numerous dubious claims. After the case was filed in 2018, Wright claimed he did not have the keys to the coins but that they would be arriving in January 2020 through a "bonded courier." After January 2020, Wright provided keys to the estate for verification, but the estate claims the bitcoins were fake. Expressing skepticism that the courier even existed, the estate asked for more information about the courier. Wright then claimed the identity of the courier and all communications were protected under attorney-client privilege as the courier was an attorney.

Facebook

Facebook, Citing Societal Concerns, Plans To Shut Down Facial Recognition System (nytimes.com) 36

Facebook plans to shut down its decade-old facial recognition system this month, deleting the face scan data of more than one billion users and effectively eliminating a feature that has fueled privacy concerns, government investigations, a class-action lawsuit and regulatory woes. From a report: Jerome Pesenti, vice president of artificial intelligence at Meta, Facebook's newly named parent company, said in a blog post on Tuesday that the social network was making the change because of "many concerns about the place of facial recognition technology in society." He added that the company still saw the software as a powerful tool, but "every new technology brings with it potential for both benefit and concern, and we want to find the right balance." The decision shutters a feature that was introduced in December 2010 so that Facebook users could save time.

The facial-recognition software automatically identified people who appeared in users' digital photo albums and suggested users "tag" them all with a click, linking their accounts to the images. Facebook now has built one of the largest repositories of digital photos in the world, partly thanks to this software. Facial-recognition technology, which has advanced in accuracy and power in recent years, has increasingly been the focus of debate because of how it can be misused by governments, law enforcement and companies. In China, authorities use the capabilities to track and control the Uighurs, a largely Muslim minority. In the United States, law enforcement has turned to the software to aid policing, leading to fears of overreach and mistaken arrests. Some cities and states have banned or limited the technology to prevent potential abuse.

Government

US Regulators Say Issuers of 'Stablecoins' Should Be Policed Like Banks (reuters.com) 76

A U.S. Treasury Department-led regulatory body called on Monday for Congress to regulate issuers of "stablecoins" like banks and urged financial agencies to assess whether the role of these fast-growing digital assets in the country's payments system posed a systemic risk. Reuters reports: The hotly awaited report by the President's Working Group on Financial Markets will likely boost policymakers' efforts to put guardrails around stablecoins, a type of digital asset pegged to traditional currencies which the body said could pose threats to the broader financial system. Stablecoins, which include the likes of Tether, USD Coin and Binance USD, have ballooned 500% to reach a market cap of $127 billion over the past 12 months, according to the report. "The rapid growth of stablecoins increases the urgency of this work," the report stated. "Failure to act risks growth of payment stablecoins without adequate protection for users, the financial system, and the broader economy."

While stablecoins are primarily used to facilitate trading in other cryptocurrencies, they could become widely used by households and businesses to make payments, the report said. Currently, though, stablecoins have a wide range of policies governing disclosures, what assets are held in reserve to back the coins, and around redemption rights, all of which could make them susceptible to runs if users lose confidence in the asset. "Runs could spread contagiously from one stablecoin to another, or to other types of financial institutions that are believed to have a similar risk profile. Risks to the broader financial system could rapidly increase as well, especially in the absence of prudential standards," the report warned. Chief among the report's recommendations is for Congress to "urgently" pass a law that would regulate stablecoin issuers akin to insured depository institutions, subjecting them to strict supervision by banking regulators while also providing some form of government backstop in the event of crises.

United States

US Copyright Office Broadens Exemptions for Repairing Consumer Devices (theverge.com) 19

The U.S. Copyright Office "is expanding a legal shield for fixing digital devices," reports the Verge, "including cars and medical devices."

Earlier this week the office "submitted new exemptions to Section 1201 of the Digital Millennium Copyright Act, which bars breaking software copy protection. The resulting rules include a revamped section on device repair, reflecting renewed government pressure around 'right to repair' issues." [T]his latest rulemaking adopts repair-related proposals from the Electronic Frontier Foundation, iFixit, and other organizations. The Librarian of Congress adopted the recommendations in a final rule that will take effect [Thursday].

The exemptions replace an itemized list of repairable devices with broad protections for any consumer devices that rely on software to function, as well as land and sea vehicles and medical devices that aren't consumer-focused. The rulemaking doesn't rewrite the exemption to cover all non-consumer devices, and it doesn't cover all "modification," only "diagnosis, maintenance, and repair." For video game consoles specifically, repair only covers repairing the device's optical drives and requires reenabling any technological protection measures that were circumvented afterward.

The Verge notes that Acting General Counsel Kevin Amer told reporters the exemption should prove useful, adding that their decision had been influenced by an earlier executive order from the Biden administration supporting third-party and consumer repair work. The article also notes that other U.S. agencies are moving on the issue. "The Federal Trade Commission, for instance, has pledged to fight business practices that lock out independent repair shops.

"This copyright rulemaking doesn't address those practices, but it helps lift a legal threat hanging over technicians and consumers."

United States

Why America is Experimenting With 'Postal Banking' (msn.com) 140

From the editorial board of the Pittsburgh Post-Gazette: In 1947, more than 4 million Americans owned $3.4 billion in saving deposits held not by a bank or credit union, but by the United States Postal Service. It's a largely forgotten part of American banking (and postal) history that the USPS ran the Postal Savings System for 56 years, from 1911 to 1967... [T]o this day postal services around the world provide small-scale financial services, from check cashing to savings accounts to e-commerce solutions, such as allowing refunds for returned goods to be deposited directly into a consumer's postal account. In September, the U.S. Postal Service took the first steps toward restoring its place in Americans' financial lives: At four East Coast post offices, customers can now get paychecks or business checks worth up to $500 cashed for a flat fee of $5.95....

Postal banking has the potential to reorient the American financial landscape for the benefit of the most vulnerable. A fifth of Americans are considered "unbanked" or "underbanked," often relying on unscrupulous payday lenders because they lack the week-to-week security to set even a little aside in a traditional account. According to a 2014 USPS report, in 2012 alone these "alternative financial services" wrung $89 billion in interest and fees out of the poorest Americans... Postal banking also has a bipartisan pedigree. While it has most recently been a centerpiece of the progressive platforms of Sen. Bernie Sanders, I-Vt., it has also been promoted by reformist conservatives as a way to get and keep capital in local communities, rather than having it held in the coffers of multinational conglomerates.

And finally, an expansion into basic financial services may be essential to the very survival of the U.S. Postal Service. As Amazon and private shipping companies continue to press their advantage, the Postal Service can press its own: thousands of locations in every nook and cranny of the country, along with broad community trust.

This modest pilot "is the foundation for more expansive contemplated postal banking services that could include bill-paying services, ATM access and money-order and wire-transfer capabilities," argues a follow-up piece in the same newspaper: Local bank branches are shuttering in communities all across our country, and mainstream banks are failing to offer financial services that meet the needs of many communities... Robust postal banking, which should ultimately include checking and savings accounts as well as loan options, could step into the breach and provide equitable, accessible and affordable financial services to people who lack access to traditional bank services and would otherwise have to turn to high-cost and low-value fringe financial institutions... Underbanked households have an average annual income of $25,000 and typically spend approximately 10% of their income on fees and interest to fringe financial institutions simply to access their money — an amount equal to what the average household spends on food annually...

Postal banking provides an economic lifeline to countless Americans living in banking deserts. The Postal Service's 34,000 facilities service every ZIP code in the country. More than two-thirds of the census tracts that have a post office do not have a bank branch. Postal banking also provides transparent and equitable services and costs. Traditional bank fees and requirements — such as minimum balance requirements, activity fees and overdraft charges — exclude low-income and small-balance customers... Postal banking is a key pathway from poverty to economic mobility for millions of Americans and also produces significant revenue and opportunities for the Postal Service to flourish and expand its business model.

Wireless Networking

What Happens When You Use Bluetooth Tags to Track Your Stolen Items? 166

"The third time my 1999 Honda Civic was stolen, I had a plan," writes Washington Post technology reporter Heather Kelly. Specifically, it was a Tile tracker hidden in the car, "quietly transmitting its approximate location over Bluetooth." Later that day, I was across town hiding down the block from my own car as police detained the surprised driver. When the Tile app pinged me with a last known location, I showed up expecting the car to be abandoned. I quickly realized it was still in use, with one person looking through the trunk and another napping in the passenger seat, so I called the police...

In April of this year, one month after my car was stolen, Apple released the $29 AirTag, bringing an even more effective Bluetooth tracking technology to a much wider audience. Similar products from Samsung and smaller brands such as Chipolo are testing the limits of how far people will go to get back their stolen property and what they consider justice. "The technology has unintended consequences. It basically gives the owner the ability to become a mini surveillance operation," said Andrew Guthrie Ferguson, a law professor at the American University Washington College of Law...

Apple has been careful to never say AirTags can be used to recover stolen property. The marketing for the device is light and wholesome, focusing on situations like lost keys between sofa cushions. The official tagline is "Lose your knack for losing things" and there's no mention of crime, theft or stealing in any of the ads, webpages or support documents. But in reality, the company has built a network that is ideal for that exact use case. Every compatible iPhone, iPad and Mac is being silently put to work as a location device without their owners knowing when it happens. An AirTag uses Bluetooth to send out a ping with its encrypted location to the closest Apple devices, which pass that information on to the Apple cloud. That spot is visible on a map in the Find My app. The AirTag owner can also turn on Lost Mode to get a notification the next time it's detected, as well as leave contact information in case it's found. Apple calls this the Find My network, and it also works for lost or stolen Apple devices and a handful of third-party products. The proliferation of compatible Apple devices — there are nearly a billion in the network around the world — makes Find My incredibly effective, especially in cities. (Apple device owners are part of the Find My network by default, but can opt out in settings, and the location information is all encrypted...)

All the tracker companies recommend contacting law enforcement first, which may sound logical until you find yourself waiting hours in a parking lot for officers to address a relatively low-priority crime, or having to explain to them what Bluetooth trackers are.

The Times shares stories of two people who tried using AirTags to track down their stolen property. One Seattle man tracked down his stolen electric bike — and ended up pedalling away furiously on the (now out of power) bicycle as the suspected thief chased after him.

And an Ohio man waited for hours in an unfamiliar drugstore parking lot for a response from the police, eventually travelling with them to the suspect's house — where his stolen laptop was returned to the police officer by a man holding two babies in his arms.

Some parents have even hidden them in their children's backpacks, and pet owners have hidden them in their pets' collars, the Times reports — adding that the EFF's director of cybersecurity sees another possibility. "The problem is it's impossible to build a tool that is designed to track down stolen items without also building the perfect tool for stalking."

Government

Did Trump's Truth Social Network Skirt US Securities Law? (nytimes.com) 158

To fund the Truth social network, former U.S. president Trump merged it with a special purpose acquisition company (or "SPAC"), reports the New York Times. "The result is that Mr. Trump — largely shut out of the mainstream financial industry because of his history of bankruptcies and loan defaults — secured nearly $300 million in funding for his new business."

But there may be a hitch: To get his deal done, Mr. Trump ventured into an unregulated and sometimes shadowy corner of Wall Street, working with an unlikely cast of characters: the former "Apprentice" contestants, a small Chinese investment firm and a little-known Miami banker named Patrick Orlando. Mr. Orlando had been discussing a deal with Mr. Trump since at least March, according to people familiar with the talks and a confidential investor presentation reviewed by The New York Times.

That was well before his SPAC, Digital World Acquisition, made its debut on the Nasdaq stock exchange last month. In doing so, Mr. Orlando's SPAC may have skirted securities laws and stock exchange rules, lawyers said... SPACs aren't supposed to have a merger planned at the time of their I.P.O. Lawyers and industry officials said that talks between Mr. Orlando and Mr. Trump or their associates consequently could draw scrutiny from the Securities and Exchange Commission.

Another issue is that Digital World's securities filings repeatedly stated that the company and its executives had not engaged in any "substantive discussions, directly or indirectly," with a target company — even though Mr. Orlando had been in discussions with Mr. Trump. Given the politically fraught nature of a deal with Mr. Trump, securities lawyers said that Digital World's lack of disclosure about those conversations could be considered an omission of "material information."

The Times adds that Trump had previously even discussed merging Trump Media with a smaller SPAC created with help from the same Shanghai-based investment bank — which "specialized in helping Chinese companies list on U.S. stock exchanges."

Google

Google Pays Fines to Russia for Failing to Delete Banned Content (msn.com) 23

"U.S. tech giant Google has paid Russia more than 32 million roubles ($455,079) in fines," reports Reuters, "for failing to delete content Moscow deems illegal, the company and a Russian lawmaker said after talks on Monday." Russia last week said it would seek to fine the U.S. tech giant a percentage of its annual Russian turnover later this month for repeatedly failing to delete banned content on its search engine and YouTube, in Moscow's strongest move yet to rein in foreign tech firms... Russia's state communications regulator, Roskomnadzor, on Monday said it has the technical capability to slow down the speed of YouTube, Interfax reported, but that administrative measures are currently sufficient.

In 2020, Google's compliance with requests to delete content was 96.2%, Pancini said, and in the first half of this year, it removed over 489,000 videos, but Russia said too much banned content still remained available.

The Courts

The US Government Wants Signal's Private User Data That It Simply Doesn't Have (hothardware.com) 61

According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoenaed Signal for a whole pile of user data, like subscriber information, financial information, transaction histories, communications, and more. HotHardware reports: The thing is, the subpoena is moot: Signal simply doesn't have the data to provide. The company can't provide any of the data that the grand jury is asking for because, as the company itself notes, "Signal doesn't have access to your messages, your chat list, your groups, your contacts, your stickers, [or] your profile name or avatar." The only things that Signal can offer up to the court are Unix timestamps for when the accounts in question were created and last accessed the service.

The announcement (and, we suppose, this news post) essentially amounts to an advertisement for Signal, but it's an amusing -- or possibly distressing -- anecdote nonetheless. While Signal is secure, keep in mind that the messages still originate from your device, which means that other apps on your device (like, say, your keyboard) could still be leaking your data. Lest you doubt Signal's story, the app creators have published the subpoena, suitably redacted, on their blog.

China

US Intelligence Concludes: China Didn't Weaponize COVID-19, Didn't Have Foreknowledge (dni.gov) 162

The head of America's Intelligence Community reports that the U.S. intelligence community "was able to reach broad agreement" on several key issues about the origins of COVID-19.

"We judge the virus was not developed as a biological weapon," they announced today.

In addition, the U.S. intelligence community report includes a second new assessment: that China's officials "did not have foreknowledge of the virus before the initial outbreak of COVID-19 emerged."

Beyond that, they note that most of the intelligence community's agencies also specifically assess that SARS-CoV-2 "probably was not genetically engineered" (albeit with "low confidence"). Of the 19 member agencies in the U.S. intelligence community, two believed there simply wasn't enough evidence to issue an assessment of either possibility, the report adds.

The [U.S.] intelligence community judges they will be unable to provide a more definitive explanation for the origin of COVID-19 unless new information allows them to determine the specific pathway for initial natural contact with an animal or to determine that a laboratory in Wuhan was handling SARS-CoV-2 or a close progenitor virus before COVID-19 emerged. The intelligence community — and the global scientific community — lacks clinical samples or a complete understanding of epidemiological data from the earliest COVID-19 cases. If we obtain information on the earliest cases that identified a location of interest or occupational exposure, it may alter our evaluation of hypotheses.

China's cooperation most likely would be needed to reach a conclusive assessment of the origins of COVID-19. Beijing, however, continues to hinder the global investigation, resist sharing information, and blame other countries, including the United States. These actions reflect, in part, China's government's own uncertainty about where an investigation could lead as well as its frustration the international community is using the issue to exert political pressure on China.

In assessing whether a lab incident or a "natural" exposure to an infected animal caused the outbreak, they cited assessments from eight different U.S. intelligence community elements. Half of them agreed with the National Intelligence Council assessment (with low confidence) "that the initial SARS-CoV-2 infection was most likely caused by natural exposure to an animal infected with it or a close progenitor virus — a virus that probably would be more than 99 percent similar to SARS-CoV-2. These analysts give weight to China's officials' lack of foreknowledge, the numerous vectors for natural exposure, and other factors."

Three of the remaining four "remain unable to coalesce around either explanation without additional information, with some analysts favoring natural origin, others a laboratory origin, and some seeing the hypotheses as equally likely." One element did assess "with moderate confidence that the first human infection with SARS-CoV-2 most likely was the result of a laboratory-associated incident, probably involving experimentation, animal handling, or sampling by the Wuhan Institute of Virology... Variations in analytic views largely stem from differences in how agencies weigh intelligence reporting and scientific publications and intelligence and scientific gaps."

The 18-page assessment includes an appendix addressing details of specific theories, but ultimately concludes that "Our growing understanding of the similarities of SARS-CoV-2 to other coronaviruses in nature and the ability of betacoronaviruses — the genus to which SARS-CoV-2 belongs — to naturally recombine suggests SARS-CoV-2 was not genetically engineered." It even notes that the much-discussed furin cleavage sites "have been identified in naturally occurring coronaviruses in the same genetic location [as in SARS-CoV-2]. This suggests that SARS-CoV-2 or a progenitor virus could have acquired its furin cleavage sites through natural recombination with another virus."

Patents

US Government Owes Over $100 Million For TSA's Patent Infringement 70

The U.S. government owes a patent holding company at least $103 million because of the Transportation Security Administration's misuse of its technology for handling trays at airport security checkpoints, a Washington, D.C.-based federal court said. Reuters reports: In an opinion (PDF) made public Friday, the U.S. Court of Federal Claims said the TSA used SecurityPoint Holdings Inc's patented methods for most of its security screenings at the largest U.S. airports since 2008 without compensating it. St. Petersburg, Florida-based SecurityPoint's founder Joseph Ambrefe offered the TSA a license to his patent in 2005 in exchange for the exclusive right to advertise on the trays at U.S. airports. The TSA had success testing SecurityPoint's technology and equipment, but refused SecurityPoint's offer.

The court said the TSA began using the same method with its own equipment later that year at most or all of the airports under its control, and SecurityPoint sued the U.S. government for patent infringement in 2011. The government conceded that it had used the technology since 2008 in 10 airports including Dallas/Fort Worth, Boston Logan, Phoenix Sky Harbor and all three major Washington, D.C.-area airports. In 2015 the court rejected the government's arguments that SecurityPoint's patent was invalid, leaving questions about the extent of the government's infringement and how much it owed in damages.

After a trial last year, Senior U.S. Judge Eric Bruggink of the Court of Federal Claims said in an August opinion unsealed Friday that the government owes SecurityPoint $103.6 million in royalties from 2008 through the date of the opinion. Bruggink said the TSA's checkpoint design guides, employee testimony and expert testimony showed that with a few exceptions, SecurityPoint's tray-recycling method was "universally used as the default method for all lanes" at the largest U.S. airports.

The Internet

Google Rolls Out Tool To Help Minors Delete Photos From Search 11

Google is now making it easier for minors or their parents to have photos of them deleted from search results. CNN reports: In a blog post published Wednesday, the company said it is rolling out a tool that lets parents and kids under the age of 18 request photos be removed from its images tab or no longer appear as thumbnails in a search inquiry. The new form allows users to flag URLs of any images or search results that contain pictures they want removed. Google said its teams will review each submission and reach out if they need additional information to verify the requirements for removal. However, the company emphasized this won't remove the image from the internet entirely; people will need to contact a website's webmaster to ask for that content to be removed. "We know that kids and teens have to navigate some unique challenges online, especially when a picture of them is unexpectedly available on the internet," the company said in the blog post. "We believe this change will help give young people more control over their digital footprint and where their images can be found on Search."

Privacy

Location Data Firm Got GPS Data From Apps Even When People Opted Out 19

Huq, an established data vendor that obtains granular location information from ordinary apps installed on people's phones and then sells that data, has been receiving GPS coordinates even when people explicitly opted out of such collection inside individual Android apps, researchers and Motherboard have found. From a report: The news highlights a stark problem for smartphone users: that they can't actually be sure if some apps are respecting their explicit preferences around data sharing. The data transfer also presents an issue for the location data companies themselves. Many claim to be collecting data with consent, and by extension, in line with privacy regulations. But Huq was seemingly not aware of the issue when contacted by Motherboard for comment, showing that location data firms harvesting and selling this data may not even know whether they are actually getting this data with consent or not.

"This shows an urgent need for regulatory action," Joel Reardon, assistant professor at the University of Calgary and the forensics lead and co-founder of AppCensus, a company that analyzes apps, and who first flagged some of the issues around Huq to Motherboard, said in an email. "I feel that there's plenty wrong with the idea that -- as long as you say it in your privacy policy -- then it's fine to do things like track millions of people's every moment and sell it to private companies to do what they want with it. But how do we even start fixing problems like this when it's going to happen regardless of whether you agree, regardless of any consent whatsoever."

Privacy

A Security Bug in Health App Docket Exposed COVID-19 Vaccine Records (techcrunch.com) 49

A security bug in the health app Docket exposed the private information of residents vaccinated against COVID-19 in New Jersey and Utah, where the app received endorsements from state officials. From a report: Docket lets residents download and carry a digital copy of their immunizations by pulling their vaccination records from their state's health authority. The digital copy has the same information as the COVID-19 paper card, but is digitally signed by the state to prevent forgeries. Docket is one of several so-called vaccine passports in the U.S., allowing residents to show their vaccination records -- or a scannable QR code -- for getting into events, restaurants or crossing into countries where vaccines are required.

But for a time, the app allowed anyone access to the QR codes of other vaccinated users -- and all the personal and vaccine information encoded within. That included names, dates of birth and information about a person's COVID-19 vaccination status, such as which type of vaccine they received and when. TechCrunch discovered the bug on Tuesday and immediately contacted the company. Docket chief executive Michael Perretta said the bug was fixed at the server level a few hours later. The bug was found in how the Docket app requests the user's QR code from its servers. The user's QR code is generated on the server in the form of a SMART Health Card, a widely accepted standard for validating a person's vaccination status across the world. That QR code is tied to a user ID, which isn't visible from the app, but can be viewed by looking at its network traffic using off-the-shelf software like Burp Suite or Charles Proxy.

The Courts

Indian Supreme Court Orders Inquiry Into State's Use of Pegasus Spyware 2

An anonymous reader quotes a report from The Guardian: India's supreme court has ordered an independent inquiry into whether the government used the surveillance software Pegasus to spy illegally on journalists, activists and political opponents. The decision on Wednesday to create an independent committee to investigate whether and how the Indian state had used the Israeli spyware tool was a significant victory for privacy campaigners after years of stonewalling by Narendra Modi's government. The order was a response to cases lodged by several Indian journalists and activists, including some revealed by the Guardian and a consortium of reporting partners to have been victims of Pegasus -- a cyber-weapon capable of hacking a target's smartphone, extracting its contents and turning on the device's microphone and camera.

Analysis by the media outlets of infected phones, and of a wider list of more than 50,000 phone numbers believed to have been selected as persons of interest by clients of Pegasus' manufacturer, NSO Group, strongly indicated the Indian government was using the tool. Delhi has consistently declined to confirm if it has access to it. The committee will comprise three cybersecurity experts and its work will be overseen by a retired supreme court judge. It will submit its report in two months. The expert group will have powers to call witnesses and seek documents as part of its fact-finding mission, and can issue adverse findings against individuals or the government if they decline to cooperate. The court listed another hearing date for after the committee's reporting deadline, indicating it intended to continue pursuing the issue.

Crime

Teen Bought Google Ad for His Scam Website and Made 48 Bitcoins Duping UK Online Shoppers (theregister.com) 37

A "sophisticated" teenager has had $2.88m in cryptocurrency confiscated after he set up a phishing site and advertised it on Google, duping consumers into handing over gift voucher redemption codes. From a report: The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results, Lincoln Crown Court was told. Crown prosecutor Sam Skinner told Her Honour Judge Catarina Sjolin Knight that the boy, whose identity is protected by a court order, harvested $8,931 worth of vouchers in the week his site was active. Love2Shop began investigating in April 2020 after a customer complained, at which point the boy took down his fake site. The stolen vouchers were converted into Love2Shop vouchers on the A-level student's own account. A later police investigation discovered 12,000 credit card numbers on his computer along with details for 197 PayPal accounts. On top of that, he had 48 Bitcoins: when police arrested him in August last year these were worth $275,000 but their value has risen tenfold since. Sentencing the boy earlier this week, HHJ Knight commented in court: "If he was an adult he would be going inside."

Privacy

Protonmail Celebrates Swiss Court Victory Exempting it From Telco Data Retention Laws (theregister.com) 4

Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm. From a report: Referring to a previous ruling that exempted instant messaging services from data capture and storage laws, the Protonmail team said this week: "Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders." Switzerland's Federal Administrative Court ruled on October 22 that email providers in Switzerland are not considered telecommunications providers under Swiss law, thereby removing them from the scope of data retention requirements imposed on telcos. The victory comes after controversy over a previous (and not directly related) Swiss court order that forced the company to collect mobile device push notification identifiers from a specified user's account. That user was later arrested by French police, who had asked their Swiss counterparts to obtain the surveillance order. Protonmail chief exec Andy Yen told The Register his business doesn't routinely collect such data on its users.

Books

France Moves To Shield Its Book Industry From Amazon (reuters.com) 121

An anonymous reader quotes a report from Reuters: Sophie Fornairon's independent bookshop has survived the rise of Amazon thanks to a French law that prohibits price discounting on new books, but she says the e-commerce giant's ability to undercut on shipping still skews the market against stores like hers. Fornairon, who owns the Canal Bookstore in central Paris, now hopes that new legislation that would set a minimum price for book deliveries will even the contest further in the battle of neighborhood stores against Amazon. "It's a just return towards a level playing field," Fornairon, who employs four workers, said. "We're not at risk of closing down any time soon, but Amazon is a constant battle".

French law prohibits free book deliveries but Amazon has circumvented this by charging a single centime (cent). Local book stores typically charge about 5-7 euros ($5.82-8.15) for shipping a book. Amazon's pricing strategy had resulted in the growing market share of a single operator, the Ministry of Culture said. "This law is necessary to regulate the distorted competition within online book sales and prevent the inevitable monopoly that will emerge if the status quo persists," the ministry told Reuters. Centre-right Senator Laure Darcos, who drafted the law, decided upon the minimum delivery charge when she observed how bookstores maintained 70% of their business despite being forced to shut during early COVID lockdowns, because the government reimbursed the shipping fees. "It showed what a brake on business the postage costs are for local bookstores," Darcos said. Asked when the legislation would be enacted, the Ministry of Culture declined to give a date, saying it was too early to say.

Facebook

Apple's Privacy Rules to Blame For Facebook's Lower Than Expected Quarterly Growth, Says Zuckerberg (macrumors.com) 46

Apple's privacy rules are "negatively affecting" Facebook and its business, Facebook CEO Mark Zuckerberg claimed during its most recent earnings call. MacRumors reports: As a quick refresher, starting with iOS 14.5 and all newer versions of iOS and iPadOS, Apple requires that apps ask for users' permission to track them across other apps and websites. Under the App Tracking Transparency (ATT) framework, the latest change gives users a choice on whether they wish to be tracked for ads or other purposes. [...] Continuing its campaign against Apple's privacy rules, Facebook CEO Mark Zuckerberg was quick to blame Apple for his company's lower-than-expected growth in the third quarter of the year. Kicking off the earnings call, Zuckerberg said Apple is "negatively affecting" Facebook but that he believes the company will be able to "navigate" the challenges Apple is presenting thanks to its long-term investments.

"As expected, we did experience revenue headwinds this quarter, including from Apple's changes that are not only negatively affecting our business, but millions of small businesses in what is already a difficult time for them in the economy. Sheryl and Dave will talk about this more later, but the bottom line is we expect we'll be able to navigate these headwinds over time with investments that we're already making today." While Zuckerberg and the Facebook executive team hold Apple's changes accountable for this quarter's performance, it may also be an asset. Zuckerberg has in the past stated that ATT could ultimately help Facebook, and it's a sentiment he again repeated during the earnings call. Apple's changes, according to Zuckerberg, are making "e-commerce and customer acquisition less effective on the web." Still, Facebook could benefit from the lessened effectiveness as "solutions that allow businesses to set up shop right inside our apps will become increasingly attractive," Zuckerberg added.

Facebook's chief operating officer, Sheryl Sandberg, also criticized Apple and its privacy rules, going as far as to claim that the new rules are negatively impacting Facebook while benefiting Apple's own advertising business: "We've been open about the fact that there were headwinds coming -- and we've experienced that in Q3. The biggest is the impact of Apple's iOS 14 changes, which have created headwinds for others in the industry as well, major challenges for small businesses, and advantaged Apple's own advertising business." Despite Facebook facing an avalanche of pressure amid leaked internal documents and scrutiny, Sandberg pointed the finger at Apple for Facebook's lackluster performance this quarter. "Overall, if it wasn't for Apple's iOS 14 changes, we would have seen positive quarter-over-quarter revenue growth," Sandberg said.

China

TikTok Tells US Lawmakers It Does Not Give Info To China (reuters.com) 33

During the company's first appearance at a U.S. congressional hearing, TikTok executive Michael Beckerman said it does not give information to the Chinese government and has sought to safeguard U.S. data. Reuters reports: Michael Beckerman, TikTok's head of public policy for the Americas, became the company's first executive to appear before Congress, testifying to a subcommittee of the Senate Commerce Committee. Republicans in particular pressed Beckerman on worries regarding TikTok's stewardship of data on the app's users. Senator Marsha Blackburn, the panel's top Republican, said she is concerned about TikTok's data collection, including audio and a user's location, and the potential for the Chinese government to gain access to the information. Blackburn questioned Beckerman on whether TikTok could resist giving data to China's government if material were to be demanded. "We do not share information with the Chinese government," Beckerman responded.

Under questioning by Republican Senator Ted Cruz, Beckerman said that TikTok has "no affiliation" with Beijing ByteDance Technology, a ByteDance entity at which the Chinese government took a stake and a board seat this year. Beckerman also testified that TikTok's U.S. user data is stored in the United States, with backups in Singapore. "We have a world-renowned U.S.-based security team that handles access," Beckerman said. Republican Senator John Thune said TikTok is perhaps more driven by content algorithms than even Facebook, as the app is famous for quickly learning what users find interesting and offering them those types of videos. Beckerman said TikTok would be willing to provide the app's algorithm moderation policies in order for the Senate panel to have it reviewed by independent experts.

Crime

FBI Raids Chinese Point-of-Sale Giant PAX Technology (krebsonsecurity.com) 35

An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla.-based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS).

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

Crime

150 People Arrested in International Darknet Opioid Probe (axios.com) 30

Some 150 people were arrested worldwide and more than $31.6 million in cash and virtual currencies were seized during a 10-month international investigation into opioid trafficking through darknet marketplaces, the Department of Justice announced Tuesday. From a report: The massive probe, called "Operation Dark HunTor," spanned three continents and led to the recovery of about 234 kilograms (over 500 pounds) of illegal drugs, including enough fentanyl to cause more than 4 million lethal doses, according to deputy attorney general Lisa Monaco. A darknet is encrypted online content that can only be accessed with specific browsers and is primarily used to purchase or sell illegal goods or services, especially illegal drugs. 65 people were arrested in the United States, one in Bulgaria, three in France, 47 in Germany, four in the Netherlands, 24 in the United Kingdom, four in Italy and two in Switzerland. Prosecutors allege the suspects were responsible for tens of thousands of illegal sales across the U.S., Europe and Australia.

Facebook

Tech's Message To the Hill: We're Not Facebook (axios.com) 43

TikTok, YouTube and Snapchat will appear before Congress Tuesday with a key priority: distinguishing their practices from Facebook's. From a report: Facebook is under attack, and its tech peers don't want to get caught in the crossfire as lawmakers mull legislation to rein in the company. At the hearing before the Senate Commerce consumer protection subcommittee, representatives from TikTok, YouTube and Snap will focus on ways their services differ from Facebook and Instagram and measures they've already put in place to protect children.

TikTok's Michael Beckerman, vice president and head of public policy, will highlight proactive safety moves the company has made, including disabling direct messages for users under 16. Snap's Jennifer Stout, vice president of global public policy, will note that the company was designed to avoid some of the toxicity of social media platforms and uses human moderation for creator posts that will reach more than 25 users. YouTube's Leslie Miller, vice president of government affairs and public policy, will point out that the company already has designed different services and products for younger users, including YouTube Kids, Made for Kids and Supervised Experiences.

Privacy

'Banning Anonymous Social Media Accounts Would Only Stifle Free Speech and Democracy' (theguardian.com) 152

Owen Jones, a British newspaper columnist and activist for the Labour Party, writes in an opinion piece for The Guardian: The aftermath of the horrific killing of Conservative MP David Amess should have been a moment for politicians and the public to unite in an effort to protect democracy. Instead, the discussion has been derailed by a push to ban anonymous social media accounts, which would stifle free speech and democratic rights. Threatening online messages to politicians and other public figures should be taken seriously. As someone who has experienced online abuse, and a physical attack at the hands of the far right, I know all too well the danger. But, in this tragic event, there seems to be no known connection between the death of Amess and anonymous online posting.

While MPs are grieving, and understandably feel vulnerable, we must ask whether strengthening the online safety bill is the right approach. By shifting attention away from extremism toward online anonymity, do we hinder our democracy? There are many legitimate reasons why a citizen may not feel comfortable posting their opinion or sharing information under their own identity. Given the number of politicians who offer off-the-record quotes to journalists on a daily basis, generally for fear of their jobs or other harmful consequences, MPs will be able to empathize with this. The bill would allow Ofcom to punish social networks that fail to remove "lawful but harmful" content. Defining abuse is politically subjective -- what is seen as accountability by some could be seen as abuse by others. Mark Francois, who is campaigning for the changes, said "while people in public life must remain open to legitimate criticism, they can no longer be vilified or their families subject to the most horrendous abuse." While there is no place for verbally violent, threatening or disturbing language, what can be defined as vilification versus illegitimate criticism is harder to judge...

Friendly reminder: Slashdot continues to allow users to post comments and stories anonymously as an "Anonymous Coward." This is something that's been criticized since its inception, but it's something we think is important and plan to continue for the foreseeable future.

Government

The FBI's Internal Guide For Getting Data From AT&T, T-Mobile, Verizon (vice.com) 10

An anonymous reader quotes a report from Motherboard: A newly obtained document written by the FBI lays out in unusually granular detail how it and other law enforcement agencies can obtain location information of phones from telecommunication companies. Ryan Shapiro, executive director of nonprofit organization Property of the People, shared the document with Motherboard after obtaining it through a public records act request. Property of the People focuses on obtaining and publishing government records. The document, a 139-page slide presentation dated 2019, is written by the FBI's Cellular Analysis Survey Team (CAST). CAST supports the FBI as well as state, local, and tribal law enforcement investigations through the analysis of call data and tower information, the presentation adds. That can include obtaining the data from telecommunications companies in the first place; analyzing tower dumps that can show which phones were in an approximate location at a given time; providing expert witness testimony; and performing drive tests to verify the actual coverage of a cell tower.

"When necessary, CAST will utilize industry standard survey gear drive test equipment to determine the true geographical coverage breadth of a cell site sector," the presentation reads. The presentation highlights the legal process required to obtain information from a telecommunications company, such as a court order or search warrant. The LinkedIn profile of one CAST member Motherboard found says they have a "special emphasis in historical cell site analysis which is typically used for locating phones (and the individuals attached to those phones) for cases such as kidnappings, homicides, missing persons, and robberies." CAST provides its own cell phone data visualization tool to law enforcement officials around the country called CASTViz for free. "CASTViz has the ability to quickly plot call detail records and tower data for lead generation and investigative purposes," the presentation reads. The document includes images of and instructions for the CASTViz software itself.

The document also explains how data requests to Mobile Virtual Network Operators (MVNOs) such as Boost Mobile are handled, how to obtain location data from what the FBI describes as "burner phones," and how to obtain information from OnStar, General Motors' in-vehicle system. The document also provides the cost of some of this data for law enforcement to request. The presentation provides more recent figures on how long telecoms retain data. AT&T holds onto data such as call records, cell site, and tower dumps for 7 years. T-Mobile holds similar information for 2 years, and Verizon holds it for 1 year. The slide also shows that AT&T retains "cloud storage internet/web browsing" data for 1 year. Another section that provides an overview of the different engineering and location datasets held by telecoms and potentially available to law enforcement agencies tells officials to use some AT&T data "cautiously." "AT&T does not validate results," the presentation reads. That section also mentions that Verizon has a "new" location tool that law enforcement agencies can use. Rich Young, a Verizon spokesperson, told Motherboard in an email that "This is a tool that our security team uses in response to lawful warrants and emergency requests. For example, this tool would be used in response to cases involving armed fugitives or missing children. As a common industry practice, the tool uses network-based cell site location information. All other major providers use a similar approach."
