Transportation

California Will Probe Data-Collecting, Internet-Connected Cars (msn.com) 25

The Washington Post reports: California's newly empowered privacy regulators announced their first case Monday, a probe of the data practices of newer-generation cars that are often or always connected to the internet. The California Privacy Protection Agency said its enforcement division would review manufacturers' treatment of data collected from vehicles, including locations, smartphone connections and images from cameras.

The agency was established by a 2020 ballot initiative that toughened the California Consumer Privacy Act of 2018. As of July 1, it can conduct operations to enforce Californians' right to learn what is being collected about them, the right to stop that information from being spread and the right to have it deleted...

When combined with web surfing habits and other internet data collated by brokers, movement tracking can paint a full portrait that includes a person's home, workplace, shopping habits, religious attendance and medical treatments. Insurance companies also want data on how quickly drivers brake ahead of problems on the road, along with other performance indicators, and they are willing to pay to get it.

The Post notes that data is beamed to business partners of automakers under "vague privacy policies."

Encryption

Ask Slashdot: What's the Best (Encrypted) Password Manager? 154

For storing passwords, Slashdot reader eggegick has a simple, easy solution: "I use Vim to keep my passwords in an encrypted file."

But what's the easiest solution for people who don't use Vim? My wife is not a Linux geek like I am, so she's using [free and open-source] KeePass. It's relatively simple to install and use, but I seem to recall it used to be even much simpler... Does anybody know of a really simple password manager or encrypting notepad?

I've looked at a number of them, and they use Java or Javascript, or they involve an external web site, or they have way too many features, or they use an installation program. Or Windows Defender objects to them.

Share your own suggestions and thoughts in the comments.

Power

Judge Tosses Criminal Charges Against South Carolina Nuclear Executive - But Case May Continue (apnews.com) 41

An anonymous reader shared this report from the Associated Press: A judge has ordered criminal charges dropped against the final executive accused of lying about problems building two nuclear reactors in South Carolina that were abandoned without generating a watt of power. The judge tossed the charges Wednesday because ratepayers of the utility that lost billions of dollars on the project were improperly allowed on the grand jury that indicted Westinghouse Electric Co. executive Jeffrey Benjamin. But federal judge Mary Geiger Lewis also ruled that nothing is stopping prosecutors from properly seeking another indictment. "We're not going away," said assistant U.S. Attorney Winston Holliday, who said prosecutors are still reviewing the ruling to decide their next steps...

The project fell apart in 2017 after nearly a decade of work, when executives and regulators determined construction of the reactors was so hopelessly behind schedule they could not get nearly $2 billion of tax breaks needed to help pay for the work. SCANA contracted with Westinghouse to build the reactors. Prosecutors said Benjamin, who was in charge of major projects, knew of delays and cost overruns but lied to regulators, utility executives and others. The lies led to electric rate increases while keeping the price of SCANA's stock from plummeting...

Two former SCANA executives have been sentenced to federal prison after pleading guilty to their roles in lying to ratepayers, regulators and investors. Former CEO Kevin Marsh received two years while chief operating officer Stephen Byrne was sentenced to 15 months. Former Westinghouse project director Carl Churchman has pleaded guilty to lying to FBI agents investigating the project's failure and is awaiting sentencing.

The Courts

Federal Judge Clears Way for US Antitrust Case Against Google (msn.com) 32

The Washington Post reports: A federal judge said the Department of Justice's landmark case alleging Google's dominance over the online search business is anti-competitive can go ahead, throwing out some of the government's claims but ruling that a trial is still necessary.

Google had asked for the judge to make a ruling before the trial, which is scheduled for September.

Some of the government's claims, including those put together by a consortium of state attorneys general that argued the way Google designed its search engine page was unfairly harming competitors like Yelp, were dismissed. But D.C. District Court Judge Amit Mehta said the allegations that Google's overall business practices constitute a monopoly that violates the 1890 Sherman Antitrust Act still deserve a trial. "This is a significant victory for Google, knocking out several claims and narrowing the range of activities at issue for trial," said David Olson, an associate professor and antitrust expert at Boston College's law school. "Having said that, the strongest claims against Google remain, so Google still remains at risk of a significant antitrust ruling against it."

The trial will be a major test for Google and the massive business empire it has assembled over the past two decades. The company is still the dominant portal to the internet, exercising immense power over what people see online... The eventual ruling will also be seen as a test for the U.S. government's more aggressive posture on antitrust.

Medicine

EPA Approved a Chevron Fuel Ingredient That Has a Lifetime Cancer Risk 121

An anonymous reader quotes a report from ProPublica: The Environmental Protection Agency approved a component of boat fuel made from discarded plastic that the agency's own risk formula determined was so hazardous, everyone exposed to the substance continually over a lifetime would be expected to develop cancer. Current and former EPA scientists said that threat level is unheard of. It is a million times higher than what the agency usually considers acceptable for new chemicals and six times worse than the risk of lung cancer from a lifetime of smoking. Federal law requires the EPA to conduct safety reviews before allowing new chemical products onto the market. If the agency finds that a substance causes unreasonable risk to health or the environment, the EPA is not allowed to approve it without first finding ways to reduce that risk. But the agency did not do that in this case. Instead, the EPA decided its scientists were overstating the risks and gave Chevron the go-ahead to make the new boat fuel ingredient at its refinery in Pascagoula, Mississippi. Though the substance can poison air and contaminate water, EPA officials mandated no remedies other than requiring workers to wear gloves, records show.

ProPublica and the Guardian in February reported on the risks of other new plastic-based Chevron fuels that were also approved under an EPA program that the agency had touted as a "climate-friendly" way to boost alternatives to petroleum-based fuels. That story was based on an EPA consent order, a legally binding document the agency issues to address risks to health or the environment. In the Chevron consent order, the highest noted risk came from a jet fuel that was expected to create air pollution so toxic that 1 out of 4 people exposed to it over a lifetime could get cancer. In February, ProPublica and the Guardian asked the EPA for its scientists' risk assessment, which underpinned the consent order. The agency declined to provide it, so ProPublica requested it under the Freedom of Information Act. The 203-page risk assessment revealed that, for the boat fuel ingredient, there was a far higher risk that was not in the consent order. EPA scientists included figures that made it possible for ProPublica to calculate the lifetime cancer risk from breathing air pollution that comes from a boat engine burning the fuel. That calculation, which was confirmed by the EPA, came out to 1.3 in 1, meaning every person exposed to it over the course of a full lifetime would be expected to get cancer.

Another serious cancer risk associated with the boat fuel ingredient that was documented in the risk assessment was also missing from the consent order. For every 100 people who ate fish raised in water contaminated with that same product over a lifetime, seven would be expected to develop cancer -- a risk that's 70,000 times what the agency usually considers acceptable. When asked why it didn't include those sky-high risks in the consent order, the EPA acknowledged having made a mistake. This information "was inadvertently not included in the consent order," an agency spokesperson said in an email. [...] The risk assessment makes it clear that cancer is not the only problem. Some of the new fuels pose additional risks to infants, the document said, but the EPA didn't quantify the effects or do anything to limit those harms, and the agency wouldn't answer questions about them. Some of these newly approved toxic chemicals are expected to persist in nature and accumulate in living things, the risk assessment said. That combination is supposed to trigger additional restrictions under EPA policy, including prohibitions on releasing the chemicals into water. Yet the agency lists the risk from eating fish contaminated with several of the compounds, suggesting they are expected to get into water. When asked about this, an EPA spokesperson wrote that the agency's testing protocols for persistence, bioaccumulation and toxicity are "unsuitable for complex mixtures" and contended that these substances are similar to existing petroleum-based fuels.

The EPA did address the concerns in June when it proposed a rule that "would require companies to contact the agency before making any of 18 fuels and related compounds listed in the Chevron consent order," notes ProPublica. "The EPA would then have the option of requiring tests to ensure that the oil used to create the new fuels doesn't contain unsafe contaminants often found in plastic, including certain flame retardants, heavy metals, dioxins and PFAS. If approved, the rule will require Chevron to undergo such a review before producing the fuels, according to the EPA."

Piracy

Z-Library Rolls Out Browser Extensions In Anticipation of Domain Name Troubles (torrentfreak.com) 15

Pirate eBook repository Z-Library has launched browser extensions that should make it easier for users to find the site if its current domains are seized in the future. While the site doesn't explicitly mention the U.S. Government crackdown, it likely plays a key role in the decision to make these extensions available. TorrentFreak reports: Since the shadow library is now well aware that its domain names could be taken away at any moment, numerous precautions are being taken to mitigate the risks. A few weeks ago, Z-Library released a dedicated desktop application that should make it easier to access the site. The software has the ability to redirect users to working domains and whenever necessary, connect over the Tor network, which also helps to evade blocking efforts. In an announcement this week, the operators of the shadow library unveiled new precautionary tools to redirect users to working domains, including any new ones, should they be needed.

The new browser extensions are available for both Chrome and Firefox and promise 'seamless access' to alternative domains in the event that existing ones run into trouble. "Say goodbye to searching for available domains, as this handy extension takes care of everything for you. Simplify your online library experience and enjoy seamless access to a world of knowledge, right at your fingertips. "After launching the extension, the process of searching for an available domain will begin. Within some seconds when the domain is found, you will be redirected to the library homepage," Z-Library explains.

While installing browser extensions should always happen with caution, in just a few hours thousands of Z-Library users have already installed the new software. According to the Chrome store, the Z-Library Finder currently has over 7,000 users. These extensions may indeed help to point users to new domain names, but the solution isn't bulletproof. The authorities may attempt to remove the listings from the Chrome and Firefox extension libraries, for example. Even if Z-Library decides to self-host these tools, they still rely on technical infrastructure that could be targeted in the future. That being said, the releases are still notable; it's rare to see a service going full steam ahead in the face of an active criminal case.

Bitcoin

Razzlekhan and Husband Guilty of Bitcoin Laundering (bbc.com) 45

A husband and wife cyber-crime team have pleaded guilty to trying to launder $4.5bn of Bitcoin that he had stolen in a hack in 2016. From a report: Heather Morgan and Ilya Lichtenstein were arrested last year in New York after police traced their riches back to the crypto heist. While evading police, Morgan masqueraded as a rapper and tech entrepreneur. As part of a plea deal, Lichtenstein admitted he was behind the hack. The couple both pleaded guilty to money laundering, but Morgan pleaded guilty to an additional count of conspiracy to defraud the United States. In spite of attempting to cover up her crimes, Morgan published dozens of expletive-filled music videos and rap songs filmed in locations around New York, under the name Razzlekhan. In her lyrics she called herself a "bad-ass money maker" and "the crocodile of Wall Street."

In articles published in Forbes, Morgan also claimed to be a successful tech businesswoman, calling herself an "economist, serial entrepreneur, software investor and rapper." But while developing her rapping and tech persona, she and her computer programmer husband were attempting to cash out their fortune stolen from the crypto firm Bitfinex. The couple now face prison sentences with Lichtenstein in line for a possible maximum 20 years in prison and Morgan a possible 10. At the time of their arrest in February 2022, the stash of 119,000 Bitcoins was worth about $4.5bn -- making it the US Department of Justice's largest single financial seizure in its history. When the hack was carried out, the Bitcoins were worth about $71m.

Businesses

SoftBank Sues Former IRL CEO For Fraud (theinformation.com) 14

SoftBank sued former IRL CEO Abraham Shafi and five siblings and cousins for allegedly misleading the investor about the messaging app's growth, prompting the Japanese conglomerate to buy $150 million worth of shares in the company in 2021 at the height of a pandemic-fueled consumer internet boom. The Information: SoftBank said Shafi and his family members defrauded investors by lying about the company's millions of users, which were actually bots. The lawsuit said the defendants deleted data and communications about the fraud after U.S. securities regulators began investigating the company following a report in The Information questioning the user figures. Last month, The Information reported the company was being shut down following an external investigation initiated by its board of directors that found 95% of its users were fake. The conduct described in the lawsuit, including allegedly deleting evidence during a federal investigation, could put Shafi in further legal trouble.

Canada

Canadian Government Services To Become 'Digital First' (www.cbc.ca) 55

Canadians will soon be able to access and apply for more federal government services online -- from passports to payments, says Canada's first minister of citizens' services. From a report: Terry Beech says he's also open to innovation and using new technologies like artificial intelligence to improve the way the government delivers services to Canadians. "I think, fundamentally, it's my job to wake up every day thinking about how we're improving the customer service experience for Canadians," Beech said in an interview with CBC News. Beech's appointment to the newly created position comes as the government has been hammered in headlines and by the opposition in recent months over problems delivering basic services to Canadians. News reports have featured images of long lineups and people camping out to apply for passports. In the House of Commons, Conservative MPs have repeatedly talked about a "broken" government, saying lineups have been getting longer, backlogs bigger and services slower.

Security

Hackers Could Have Scored Unlimited Airline Miles By Targeting One Platform (wired.com) 5

An anonymous reader quotes a report from Wired: Travel rewards programs like those offered by airlines and hotels tout the specific perks of joining their club over others. Under the hood, though, the digital infrastructure for many of these programs -- including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy -- is built on the same platform. The backend comes from the loyalty commerce company Points and its suite of services, including an expansive application programming interface (API). But new findings, published today by a group of security researchers, show that vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers' "loyalty currency" (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs. The researchers -- Ian Carroll, Shubham Shah, and Sam Curry -- reported a series of vulnerabilities to Points between March and May, and all the bugs have since been fixed.

"The surprise for me was related to the fact that there is a central entity for loyalty and points systems, which almost every big brand in the world uses," Shah says. "From this point, it was clear to me that finding flaws in this system would have a cascading effect to every company utilizing their loyalty backend. I believe that once other hackers realized that targeting Points meant that they could potentially have unlimited points on loyalty systems, they would have also been successful in targeting Points.com eventually." One bug involved a manipulation that allowed the researchers to traverse from one part of the Points API infrastructure to another internal portion and then query it for reward program customer orders. The system included 22 million order records, which contain data like customer rewards account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. Points.com had limits in place on how many responses the system could return at a time, meaning an attacker couldn't simply dump the whole data trove at once. But the researchers note that it would have been possible to look up specific individuals of interest or slowly siphon data from the system over time.

Another bug the researchers found was an API configuration issue that could have allowed an attacker to generate an account authorization token for any user with just their last name and rewards number. These two pieces of data could potentially be found through past breaches or could be taken by exploiting the first vulnerability. With this token, attackers could take over customer accounts and transfer miles or other rewards points to themselves, draining the victim's accounts. The researchers found two vulnerabilities similar to the other pair of bugs, one of which only impacted Virgin Red while the other affected just United MileagePlus. Points.com fixed both of these vulnerabilities as well. Most significantly, the researchers found a vulnerability in the Points.com global administration website in which an encrypted cookie assigned to each user had been encrypted with an easily guessable secret -- the word "secret" itself. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site, reencrypt the cookie, and essentially assume god-mode-like capabilities to access any Points reward system and even grant accounts unlimited miles or other benefits.
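The admin-cookie bug above comes down to two design mistakes: the cookie was protected with a guessable key, and the cookie itself carried the privilege level, so anyone who could rewrite it could promote themselves. The following is an added example, not code from Points.com or from the researchers, showing the defensive shape a session cookie should have: a startup check that refuses placeholder keys such as the word "secret", a key drawn from the OS CSPRNG, an HMAC-SHA256 tag verified in constant time, and a payload that holds only an opaque session id while the role is looked up server-side. The deny-list, the session table and the session ids are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Placeholder strings that must never be accepted as a cookie key
# (constructed deny-list; "secret" is the value the article names).
KNOWN_WEAK_SECRETS = {"secret", "password", "changeme", "default", "key", "test"}
MIN_SECRET_BYTES = 32  # 256 bits of key material


def check_cookie_secret(secret: bytes) -> None:
    """Startup check: refuse a guessable, short, or low-variety cookie key."""
    if secret.decode("utf-8", "ignore").strip().lower() in KNOWN_WEAK_SECRETS:
        raise ValueError("cookie secret is a well-known placeholder value")
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError(f"cookie secret must be at least {MIN_SECRET_BYTES} bytes")
    if len(set(secret)) < 8:
        raise ValueError("cookie secret has too little variety to be random")


def generate_cookie_secret() -> bytes:
    """Key material from the OS CSPRNG; keep it in a secrets store, not in code."""
    return secrets.token_bytes(MIN_SECRET_BYTES)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(session_id: str, key: bytes) -> str:
    """Cookie = base64(payload).base64(HMAC-SHA256(key, payload)).
    The payload carries only an opaque session id, never a role."""
    payload = json.dumps({"sid": session_id}, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64e(payload)}.{_b64e(tag)}"


def verify_cookie(cookie: str, key: bytes) -> Optional[str]:
    """Return the session id if the tag verifies under `key`, else None."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        return json.loads(payload)["sid"]
    except (ValueError, KeyError, TypeError):
        return None


# Privilege lookup stays server-side (constructed sample table).
SESSION_ROLES = {"s-1001": "customer", "s-9000": "global_admin"}


def authorize(cookie: str, key: bytes, required_role: str) -> bool:
    """Gate an action on a verified session *and* a server-side role."""
    sid = verify_cookie(cookie, key)
    return sid is not None and SESSION_ROLES.get(sid) == required_role


if __name__ == "__main__":
    key = generate_cookie_secret()
    check_cookie_secret(key)
    cookie = issue_cookie("s-1001", key)
    print("session:", verify_cookie(cookie, key),
          "admin?", authorize(cookie, key, "global_admin"))
```

With this layout, even a reader who can decode the cookie learns nothing but a session id, and a payload edited to point at another session fails the tag check, so the "reassign global administrator and re-encrypt" path described above has nothing to act on. The check in `check_cookie_secret` is the kind of guard that catches a placeholder key before deployment rather than after a researcher finds it.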

United States

Biden Puts Final Nail In the Coffin For Incandescent Light Bulbs (cnbc.com) 267

Long-time Slashdot reader SonicSpike shares a report from CNBC: On Tuesday, the Biden administration put the final nail in the coffin for incandescent light bulbs, the result of a decade-plus-long legislative path. The journey began in 2007 when the Energy Independence and Security Act passed. That law required the Department of Energy to evaluate whether efficiency standards for light bulbs needed to be set or amended and required a minimum standard of energy efficiency for light bulbs of 45 lumens per watt to be considered. The 2007 law required that if the DOE determined a new energy efficiency standard was necessary, it should go into effect by January 1, 2017. But politics intervened as the Trump administration appealed those rules.

The Biden administration picked the issue back up. And in April 2022, the Biden administration issued a rule requiring the minimum standard efficiency of 45 lumens per watt, which became effective in July. At that time, the Department of Energy said it would have a gradual transition to the new rule so that stores with inventory would not be stuck with light bulbs they could no longer sell. In Department of Energy lingo, this is called "progressive enforcement." Full enforcement of the ban for retailers took effect on Tuesday. The DOE does not disclose its techniques for enforcing this step-wise implementation of the rule. However, the agency's new regulations will be enforced in "a fair and equitable manner," and smaller retailers are advised to reach out to the DOE to speak about existing inventory they may still have on hand, a spokesperson told CNBC.

Enforcing the sale of the more energy-efficient light bulbs will save consumers nearly $3 billion per year on their utility bills, according to DOE estimates, and cut carbon emissions by 222 million metric tons over the next 30 years. That's about the quantity of emissions that 28 million homes generate in a year, the Department of Energy said. [...] Not all light bulbs are included in the ban. Exceptions include a whole slew of specific light bulb applications, including appliance lamps, black light lamps, bug lamps, colored lamps, general service fluorescent lamps, marine lamps, marine signal service lamps, mine service lamps, silver bowl lamps, showcase lamps, and traffic signal lamps, to name a few.

Security

Microsoft Comes Under Blistering Criticism For 'Grossly Irresponsible' Security (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is "grossly irresponsible" and mired in a "culture of toxic obfuscation." The comments from Amit Yoran, chairman and CEO of Tenable, come six days after Sen. Ron Wyden (D-Ore.) blasted Microsoft for what he said were "negligent cybersecurity practices" that enabled hackers backed by the Chinese government to steal hundreds of thousands of emails from cloud customers, including officials in the US Departments of State and Commerce. Microsoft has yet to provide key details about the mysterious breach, which involved the hackers obtaining an extraordinarily powerful encryption key granting access to a variety of its other cloud services. The company has taken pains ever since to obscure its infrastructure's role in the mass breach.

On Wednesday, Yoran took to LinkedIn to castigate Microsoft for failing to fix what the company said on Monday was a "critical" issue that gives hackers unauthorized access to data and apps managed by Azure AD, a Microsoft cloud offering for managing user authentication inside large organizations. Monday's disclosure said that the firm notified Microsoft of the problem in March and that Microsoft reported 16 weeks later that it had been fixed. Tenable researchers told Microsoft that the fix was incomplete. Microsoft set the date for providing a complete fix to September 28.

"To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank," Yoran wrote. "They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft." He continued: "Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix -- and only for new applications loaded in the service."

In response, Microsoft officials wrote: "We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications. Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximized customer protection with minimized customer disruption." Microsoft went on to say that the initial fix in June "mitigated the issue for the majority of customers" and "no customer action is required."

In a separate email, Yoran responded: "It now appears that it's either fixed, or we are blocked from testing. We don't know the fix, or mitigation, so hard to say if it's truly fixed, or Microsoft put a control in place like a firewall rule or ACL to block us. When we find vulns in other products, vendors usually inform us of the fix so we can validate it effectively. With Microsoft Azure that doesn't happen, so it's a black box, which is also part of the problem. The 'just trust us' lacks credibility when you have the current track record."

Privacy

Brave Cuts Ties With Bing To Offer Its Own Image and Video Search Results (theregister.com) 14

Brave Software, maker of the Brave web browser, has tuned its search engine to run on a homegrown index of images and videos in an effort to end its dependency on "Big Tech" rivals. The Register reports: On Thursday, the company said that image and video results from Brave Search -- available on the web at search.brave.com and via its browser -- will be served from Brave's own index. Search indexes are made by visiting online resources -- typically web pages, images, videos, or other files -- with a crawler bot and recording the locations of these resources in a database. And when an internet user submits a query to a search engine, the search engine checks its index (and possible other sources) to find the addresses of resources that correspond to the query keywords. There's actually a lot more to it but that's the basic idea.
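The paragraph above sketches the crawl-then-lookup model in two sentences. As an added illustration (not Brave's code, and far simpler than a production index), here is the basic idea in working form: a handful of constructed "crawled" pages are tokenized into an inverted index mapping each keyword to the URLs that contain it, and a query is answered by intersecting the posting sets for its terms. Page contents and URLs are made up for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed stand-in for what a crawler would have fetched: URL -> page text.
CRAWLED_PAGES = {
    "https://example.org/privacy": "Private search engines do not profile users.",
    "https://example.org/index": "A search index maps keywords to page locations.",
    "https://example.org/video": "Video search results now come from an in-house index.",
}

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text: str) -> List[str]:
    """Lowercase and split into alphanumeric keywords."""
    return TOKEN_RE.findall(text.lower())


def build_index(pages: Dict[str, str]) -> Dict[str, Set[str]]:
    """Inverted index: keyword -> set of URLs whose text contains it."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for url, text in pages.items():
        for token in tokenize(text):
            index[token].add(url)
    return dict(index)


def search(index: Dict[str, Set[str]], query: str) -> List[str]:
    """AND query: URLs that contain every query keyword, sorted for stable output.
    Nothing about the query is recorded; the lookup is a pure function of the index."""
    terms = tokenize(query)
    if not terms:
        return []
    hits: Set[str] = set()
    for position, term in enumerate(terms):
        postings = index.get(term, set())
        hits = postings if position == 0 else hits & postings
        if not hits:
            break
    return sorted(hits)


INDEX = build_index(CRAWLED_PAGES)

if __name__ == "__main__":
    print(search(INDEX, "search index"))
```

Real engines add ranking, phrase matching, crawl scheduling and media-specific extraction on top of this, which is the "lot more to it" the paragraph alludes to, but the index-then-intersect core is the same.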

Brave now aims to ride the wave of discontent with "Big Tech" by highlighting its commitment to privacy and independence -- small tech. "Brave Search is 100 percent private and anonymous, which sets a high bar for image/video search to meet," the company said in a blog post provided to The Register. "Whether it's a matter of personal safety or personal preference, users should be able to discover content without their search engine reporting and profiling those results to a Big Tech company." [...] Brave argues that having its own index frees the company from content decisions made by others.

"Brave is on a mission to build a user-first Web," the company said in its blog post. "That mission starts with the Brave browser and Brave Search. With the release of image and video search, we're continuing to innovate within the search industry, providing viable and preferable products for users who want choice and transparency in their search for information online."

Government

IRS Vows To Digitize All Taxpayer Documents By 2025 (arstechnica.com) 59

An anonymous reader writes: Today, the US Treasury Department announced that taxpayers will have the choice to go paperless for all Internal Revenue Service (IRS) correspondence in the upcoming 2024 filing season. By 2025, the IRS plans to achieve paperless processing for all tax returns, still accepting paper documents but immediately digitizing them, to "cut processing times in half" and "expedite refunds by several weeks," the Treasury Department said. "The IRS receives about 76 million paper tax returns and forms and 125 million pieces of correspondence, notice responses, and non-tax forms each year, and its limited capability to accept these forms digitally or digitize paper it receives has prevented the IRS from delivering the world-class service taxpayers deserve," the Treasury Department said.

By accelerating paperless processing, the IRS expects to simplify how Americans access their taxpayer data and save millions historically spent on storing more than a billion documents. Digitization can also help eliminate errors, the Treasury Department said, which can "result from manually inputting data from paper returns." And it will help taxpayers more quickly get answers to questions, as IRS customer service employees "do not currently have easy access to the information from paper returns." Starting in 2024, they will. Next filing season, taxpayers will have the option to e-file 20 additional tax forms among the most commonly submitted when amending returns, including forms used to submit information on things like identity theft or proof of eligibility for "key credits and deductions that help low-income households."

"Taxpayers who want to submit paper returns and correspondence can continue to do so," the Treasury Department said, but "all paper will be converted into digital form as soon as it arrives at the IRS." In 2024, the IRS estimates that "more than 94 percent of individual taxpayers will no longer ever need to send mail to the IRS." Once taxpayers arrive at the 2025 filing season, they'll have the option to e-file "an additional 150 of the most used non-tax forms," the Treasury Department said, which "will be available in digital, mobile-friendly formats that make them easy for taxpayers to complete and submit." The IRS prioritized mobile-friendly formats because the agency estimates that "15 percent of Americans rely solely on mobile phones for their Internet access."

"When combined with an improved data platform, digitization and data extraction will enable data scientists to implement advanced analytics and pattern recognition methods to pursue cases that can help address the tax gap, including wealthy individuals and large corporations using complex structures to evade taxes they owe," the Treasury Department added.

Privacy

Kenya Suspends Worldcoin Scans Over Security, Privacy, and Financial Concerns (techcrunch.com) 10

Kenya's Ministry of the Interior has issued a decree suspending Worldcoin enrollment in the country, citing concerns with the "authenticity and legality" of its activities in the areas of security, financial services and data protection. TechCrunch reports: The suspension covers both Worldcoin and "any other entity that may be similarly engaging the people of Kenya" and will remain in place until the authorities determine "the absence of any risks to the general public whatsoever." Up until today, Kenya had one of the largest collections of venues -- at least 18, according to the company's directory last week -- where you could visit an "Orb," as the company's spherical and mirrored iris scanners are called, "and verify your World ID." Now there is only one listed -- after Orb operators, overwhelmed by the huge turnout, shifted their stations on Sunday to Kenyatta International Convention Centre (KICC), a bigger ground in Kenya's capital that could accommodate the thousands of people streaming in.

"Relevant security, financial service and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities, and the safety and protection of the data being harvested, and how the harvesters intend to use the data," said Kithure Kindiki, Kenya's cabinet secretary for the ministry of interior and national administration.
The news comes amid separate reports that Worldcoin plans to expand its operations to sign up more users globally and allow other organizations to use its iris-scanning and identity-verifying technology.

Further reading: Sam Altman's Worldcoin Eyeball-Scanning Crypto Project Launches
Privacy

Worldcoin Says Will Allow Companies, Governments To Use Its ID System (reuters.com) 32

Worldcoin will expand its operations to sign up more users globally and aims to allow other organisations to use its iris-scanning and identity-verifying technology, a senior manager for the company behind the project told Reuters. From the report: "We are on this mission of building the biggest financial and identity community that we can," said Ricardo Macieira, general manager for Europe at Tools For Humanity, the San Francisco and Berlin-based company behind the project.

Macieira said Worldcoin would continue rolling out operations in Europe, Latin America, Africa and "all the parts of the world that will accept us." Worldcoin's website mentions various possible applications, including distinguishing humans from artificial intelligence, enabling "global democratic processes" and showing a "potential path" to universal basic income, although these outcomes are not guaranteed. Most people interviewed by Reuters at sign-up sites in Britain, India and Japan last week said they were joining in order to receive the 25 free Worldcoin tokens the company says verified users can claim.

The Military

Biden Reverses Trump Decision, Keeps Space Command In Colorado (politico.com) 199

An anonymous reader quotes a report from Politico: President Joe Biden has determined that Colorado Springs will be the permanent headquarters of U.S. Space Command, reversing a Trump administration decision to move the facility to Alabama, the Pentagon announced Monday. The decision will only intensify a bitter parochial battle on Capitol Hill, as members of the Colorado and Alabama delegations have spent months accusing each other of playing politics on the future of the four-star command.

The command was reestablished in 2019 and given temporary headquarters in Colorado while the Air Force evaluated a list of possible permanent sites. With an eye on Russia and China, its job is to oversee the military's operations of space assets and the defense of satellites. Pentagon spokesperson Brig. Gen. Pat Ryder said Biden notified the Department of Defense on Monday that he had made the decision, after speaking with Defense Secretary Lloyd Austin and weighing the input of senior military leaders. "Locating Headquarters U.S. Space Command in Colorado Springs ultimately ensures peak readiness in the space domain for our nation during a critical period," Ryder said in a statement. "It will also enable the command to most effectively plan, execute and integrate military spacepower into multi-domain global operations in order to deter aggression and defend national interests." Austin, Air Force Secretary Frank Kendall and U.S. Space Command chief Gen. James Dickinson all support Biden's decision, Ryder added.

The most significant factor Biden weighed in making the decision was the impact such a move would have on the military's ability to confront the changing threat from space, according to a senior administration official, who like others was granted anonymity to discuss sensitive deliberations. Keeping the headquarters at Colorado Springs "maintains operational readiness and ensures no disruption to its mission or to its personnel," according to the official. The command is set to achieve "full operational capability" this month, the official said. A move to Alabama, by contrast, would have forced the command to transition to a new headquarters in the mid-2020s, and the new site would not have been open until the early to mid-2030s, the official said. "The president found that risk unacceptable, especially given the challenges we may face in the space domain during this critical time period," according to the official.

Piracy

Reddit Beats Film Industry, Won't Have To Identify Users Who Admitted Torrenting (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: Film companies lost another attempt to force Reddit to identify anonymous users who discussed piracy. A federal court on Saturday quashed a subpoena (PDF) demanding users' names and other identifying details, agreeing with Reddit's argument that the film companies' demands violate the First Amendment. The plaintiffs are 20 producers of popular movies who are trying to prove that Internet service provider Grande is liable for its subscribers' copyright infringement because the ISP allegedly ignores piracy on its network. Reddit isn't directly involved in the copyright case. But the film companies filed a motion to compel Reddit to respond to a subpoena demanding "basic account information including IP address registration and logs from 1/1/2016 to present, name, email address and other account registration information" for six users who wrote comments on Reddit threads in 2011 and 2018.

"The issue is whether that discovery is permissible despite the users' right to speak anonymously under the First Amendment," US Magistrate Judge Laurel Beeler wrote in her ruling against the film copyright holders. "The court denies the motion because the plaintiffs have not demonstrated a compelling need for the discovery that outweighs the users' First Amendment right to anonymous speech." The film companies seeking Reddit users' identities include After II Movie LLC, Bodyguard Productions, Hitman 2 Productions, Millennium Funding, Nikola Productions, Rambo V Productions, and Dallas Buyers Club LLC. As Beeler's ruling on Saturday noted, they sought the identities of two users who wrote about torrenting on Grande's network in 2018 [...]. The companies also sought identities of four users who commented in a 2011 thread. "I have grande. No issues with torrent or bandwidth caps," one user comment said. Another Reddit user wrote, "I have torrented like a motherfucker all over grande and have never seen anything." Reddit's filing (PDF) pointed out that the statute of limitations for copyright infringement is three years. The film companies said (PDF) the statute of limitations is irrelevant to whether the comments can provide evidence in the case against Grande.

The Courts

Facebook To Unmask Anonymous Dutch User Accused of Repeated Defamatory Posts (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: Starting today, Facebook users may feel a little less safe posting anonymously. The Court of the Hague in The Netherlands ruled that Meta Ireland must unmask an anonymous user accused of defaming the claimant, a male Facebook user who allegedly manipulated and made secret recordings of women he dated. The anonymous Facebook user posted the allegedly defamatory statements in at least two private Facebook groups dedicated to discussing dating experiences. The claimant could not gain access but was shown screenshots from the groups, one with about 2,600 members and one with around 61,000 members. The claimant argued that his reputation had suffered from the repeated postings that included photos of the man and alleged screenshots of his texts.

The claimant tried to get Meta to remove the posts, but Meta responded with an email saying that it would not do so because "it is not clear to us that the content you reported is unlawful as defamation." At that point, Meta suggested that the man contact the anonymous user directly to resolve the matter, triggering the lawsuit against Meta. Initially, the claimant asked the court to order Meta to delete the posts, identify the anonymous user, and flag any posts in other private Facebook groups that could defame the claimant. While arguing the case, Meta had defended the anonymous user's right to freedom of expression, but the court decided that the claimant -- whose name is redacted in court documents -- deserved an opportunity to challenge the allegedly defamatory statements. Partly for that reason, the court ordered Meta to provide "basic subscriber information" on the anonymous user, including their username, as well as any names, email addresses, or phone numbers associated with their Facebook account. The court did not order Meta to remove the posts or flag any others that may have been shared in private groups, though.

Meta has already agreed to comply with the order, the court's ruling said. However, if Meta fails to provide the Facebook user's identifying information, the social media company risks a penalty of approximately $1,200 daily. The maximum fine that Meta could face is less than $130,000. [...] Meta's defense of the anonymous user's right to free speech failed, the court said, because freedom of speech is not unlimited. "Someone who, without evidence, repeatedly makes serious and clearly traceable accusations, must take into account, partly in the light of the conditions applied by Facebook, that he or she may be confronted with a measure whereby his or her anonymity is lifted," the court order said. Although the key concern for The Court in the Hague appeared to be that the statements posted anonymously were plausibly defamatory, the order also noted that the content would not have to necessarily be unlawful for Facebook to be ordered to identify the user posting it. "According to settled case law, under certain circumstances Meta has an obligation to provide identifying data, even if the content of the relevant messages is not unmistakably unlawful," the court order said.

China

The US and Europe Are Growing Alarmed By China's Rush Into Legacy Chips (time.com) 159

An anonymous reader quotes a report from TIME: U.S. and European officials are growing increasingly concerned about China's accelerated push into the production of older-generation semiconductors and are debating new strategies to contain the country's expansion. President Joe Biden implemented broad controls over China's ability to secure the kind of advanced chips that power artificial-intelligence models and military applications. But Beijing responded by pouring billions into factories for the so-called legacy chips that haven't been banned. Such chips are still essential throughout the global economy, critical components for everything from smartphones and electric vehicles to military hardware. That's sparked fresh fears about China's potential influence and triggered talks of further reining in the Asian nation, according to people familiar with the matter, who asked not to be identified because the deliberations are private. The U.S. is determined to prevent chips from becoming a point of leverage for China, the people said.

Commerce Secretary Gina Raimondo alluded to the problem during a panel discussion last week at the American Enterprise Institute. "The amount of money that China is pouring into subsidizing what will be an excess capacity of mature chips and legacy chips -- that's a problem that we need to be thinking about and working with our allies to get ahead of," she said. While there's no timeline for action to be taken and information is still being gathered, all options are on the table, according to a senior Biden administration official. The most advanced semiconductors are those produced using the thinnest etching technology, with 3 nanometers the state of the art today. Legacy chips are typically considered those made with 28-nm equipment or above, technology introduced more than a decade ago.

Senior E.U. and U.S. officials are concerned about Beijing's drive to dominate this market for both economic and security reasons, the people said. They worry Chinese companies could dump their legacy chips on global markets in the future, driving foreign rivals out of business like in the solar industry, they said. Western companies may then become dependent on China for these semiconductors, the people said. Buying such critical tech components from China may create national security risks, especially if the silicon is needed in defense equipment. "The United States and its partners should be on guard to mitigate nonmarket behavior by China's emerging semiconductor firms," researchers Robert Daly and Matthew Turpin wrote in a recent essay for the Hoover Institution think tank at Stanford University. "Over time, it could create new U.S. or partner dependencies on China-based supply chains that do not exist today, impinging on U.S. strategic autonomy."

Television

Massachusetts Lawmakers Eye a 'Netflix Tax' To Fund Community TV Channels (bostonglobe.com) 103

A proposed state tax in Massachusetts on streaming video services could increase prices for popular platforms like Netflix and Hulu, as the 5 percent fee would support approximately 200 community access cable channels struggling due to declining cable subscriptions. The Boston Globe reports: In July, the Joint Committee on Advanced Information Technology held hearings on legislation filed by Democratic State Representative Joan Meschino and Republican Representative Mathew J. Muratore, both of Plymouth. Their bill would require streaming video companies to pay a 5 percent fee on the gross revenues generated in the state. The estimated $65 million a year raised by the fee would support roughly 200 community access channels, the most in any state. The community channels are run by nonprofit organizations or town governments, and funded by cable TV companies, which are assessed a fee by local governments for the right to run their cables through city property. The cable companies pass the cost on to subscribers.

But subscriptions are plummeting as US consumers abandon pay TV for streaming services. Cable and satellite subscribers now number about 70 million, down more than 25 percent from 95.5 million a decade ago, according to Leichtman Research Group, a New Hampshire research and analysis company specializing in media, entertainment, and broadband industries. "The next three to five years it's really going to dry up even more so," said Muratore. Meschino said citizens can't afford to lose access to community media channels, because so many local newspapers have shut down. "There's literally no other way to consume that sort of hyperlocal programming," Meschino said.

About a dozen US states levy sales taxes on consumers' streaming video bills. But Meschino said that sales tax money goes into each state's general fund. Instead, she wants the streaming fee to be dedicated entirely to support for community media services, just like the fee paid by traditional cable TV companies. Some or all of the fees would likely be passed on to consumers. Gauthier estimates that a typical household's costs could rise about $2.40 a month, spread among several streaming networks. "Maybe it'll be 75 cents for your Amazon," he said. "Maybe it'll be 80 cents for your Disney."

Power

US Energy Dept Pledges $100M to Buy Products Derived from Converted Carbon Emissions (energy.gov) 27

This week America's Department of Energy announced $100 million to support states, local governments, and public utilities "in purchasing products derived from converted carbon emissions."

The hope is to jumpstart the creation of a market for "environmentally sustainable alternatives in fuels, chemicals, and building products sourced from captured emissions from industrial and power generation facilities." U.S. Secretary of Energy Jennifer M. Granholm says it will "help transform harmful pollutants into beneficial products." "State and local grants, made possible through the Bipartisan Infrastructure Law, will help demonstrate the economic viability of innovative technologies, resulting in huge net reductions in lifecycle greenhouse gas emissions, while bringing new, good-paying jobs and cleaner air to communities nationwide." States, local governments, and public utilities purchase large quantities of products; therefore, providing an incentive to purchase products made from carbon emissions is an important method to drive emissions reductions...

[T]he Carbon Utilization Procurement Grants program will help offset 50% of the costs to states, local governments, and public utilities or agencies to procure and use products developed through the conversion of captured carbon dioxide and carbon monoxide emissions. The commercial or industrial products to be procured and used under these grants must demonstrate a significant net reduction in greenhouse gas emissions compared to incumbent products via a life cycle analysis...

Projects selected under this opportunity will be required to develop and implement strategies to ensure strong community and worker benefits, and report on such activities and outcomes.

Power

America Will Convert Land from Its Nuclear Weapons Program into Clean Energy Projects (energy.gov) 77

Friday America's Department of Energy announced plans to re-purpose some of the land it owns — "portions of which were previously used in the nation's nuclear weapons program" — for generating clean energy. They'll be leasing them out for "utility-scale clean energy projects" in an initiative called "Cleanup to Clean Energy."

The agency has identified 70,000 acres for potential development, in New Mexico, Nevada, South Carolina, Idaho, and Washington: "We are going to transform the lands we have used over decades for nuclear security and environmental remediation by working closely with tribes and local communities together with partners in the private sector to build some of the largest clean energy projects in the world," said U.S. Secretary of Energy Jennifer M. Granholm. "Through the Cleanup to Clean Energy initiative, the Department of Energy will leverage areas that were previously used to protect our national security and will repurpose them to the same end — this time, generating clean energy that will help save the planet and protect our energy independence."
The announcement notes that in December 2021, President Biden directed U.S. federal agencies to "authorize use of their real property assets, including land for the development of new clean electricity generation and storage through leases, grants, permits, or other mechanisms."

"As the leading Federal agency on clean energy research and development, DOE has both a unique opportunity and a clear responsibility to lead by example and identify creative solutions to achieve the President's mandate."
Piracy

Italian Pirate IPTV Customers Risk a 5,000 Euro Fine Starting August 8, 2023 (torrentfreak.com) 45

An anonymous reader quotes a report from TorrentFreak: Italy's brand new anti-piracy law has just received full approval from telecoms regulator AGCOM. In a statement issued Thursday, AGCOM noted its position "at the forefront of the European scene in combating online piracy." The new law comes into force on August 8 and authorizes nationwide ISP blocking of live events and enables the state to issue fines of up to 5,000 euros to users of pirate streams.

In a statement published Thursday, AGCOM welcomed the amendments to Online Copyright Enforcement regulation 680/13/CONS, which concern measures to counter the illegal distribution of live sports streams, as laid out in Resolution 189/23/CONS. The new provisions grant AGCOM the power to issue "dynamic injunctions" against online service providers of all kinds, a privilege usually reserved for judges in Europe's highest courts. The aim is to streamline blocking measures against unlicensed IPTV services, with the goal of rendering them inaccessible across all of Italy.

"With such measures, it will be possible to disable access to pirated content in the first 30 minutes of the event broadcast by blocking DNS resolution of domain names and blocking the routing of network traffic to IP addresses uniquely intended for illicit activities," AGCOM says. "With this amendment, in perfect synchrony with the changes introduced by Parliament, AGCOM is once again at the forefront of the European scene in combating online piracy activity," says AGCOM Commissioner Massimiliano Capitanio.

The Internet

'Tor's Shadowy Reputation Will Only End If We All Use It' (engadget.com) 65

Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and make it much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.
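As an added illustration of the multi-hop property Crandall describes in the piece above (this is constructed example code written for this page, not the Tor Project's code or protocol; the HMAC-based toy stream cipher, the relay names, the message format and the fixed demo keys are all assumptions), the simulation below wraps a message in one encryption layer per relay. Each relay can strip only its own layer, so the guard learns who the client is, the exit learns the destination, and no single hop sees both, which is the contrast the article draws with a single encrypted VPN tunnel.

```python
"""Toy onion-routing simulation (constructed example, not Tor's real protocol).
Each relay peels one encryption layer and learns only its two neighbours."""
import hashlib
import hmac
import json
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from key+nonce (toy HMAC counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with the keystream; fresh nonce is prepended."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# Constructed demo circuit: (relay name, symmetric key shared with the client).
# Real Tor negotiates a separate key with each hop; these are fixed sample values.
DEMO_ROUTE = [
    ("guard", hashlib.sha256(b"demo-guard-key").digest()),
    ("middle", hashlib.sha256(b"demo-middle-key").digest()),
    ("exit", hashlib.sha256(b"demo-exit-key").digest()),
]


def build_onion(route, destination: str, message: str) -> bytes:
    """Wrap the message innermost-first, one layer per relay. The layer for
    relay i only names the next hop and carries the still-encrypted remainder."""
    blob = b""
    for i in range(len(route) - 1, -1, -1):
        _, key = route[i]
        if i == len(route) - 1:
            layer = {"next": destination, "payload": message}
        else:
            layer = {"next": route[i + 1][0], "inner": blob.hex()}
        blob = encrypt(key, json.dumps(layer).encode())
    return blob


def run_circuit(route, onion: bytes):
    """Simulate the relays in order. Returns (what each relay observed, payload)."""
    observations = []
    previous, blob, delivered = "client", onion, None
    for name, key in route:
        layer = json.loads(decrypt(key, blob))
        observations.append({
            "relay": name,
            "from": previous,
            "to": layer["next"],
            "sees_payload": "payload" in layer,
        })
        if "inner" in layer:
            blob = bytes.fromhex(layer["inner"])
        else:
            delivered = layer["payload"]
        previous = name
    return observations, delivered


def run_single_hop(destination: str):
    """Contrast: one encrypted tunnel (the VPN model in the article). The single
    intermediary necessarily sees both the client and the destination."""
    return [{"relay": "vpn", "from": "client", "to": destination, "sees_payload": True}]


def can_open_layer(key: bytes, blob: bytes) -> bool:
    """True only if `key` turns `blob` into a well-formed layer; a relay holding
    a different hop's key gets unparseable bytes instead."""
    try:
        layer = json.loads(decrypt(key, blob))
    except ValueError:  # UnicodeDecodeError / JSONDecodeError: wrong key
        return False
    return isinstance(layer, dict) and "next" in layer


def no_single_relay_links_client_and_destination(observations, destination: str) -> bool:
    return not any(o["from"] == "client" and o["to"] == destination for o in observations)


if __name__ == "__main__":
    onion = build_onion(DEMO_ROUTE, "example.org", "hello")
    obs, delivered = run_circuit(DEMO_ROUTE, onion)
    for o in obs:
        print(o)
    print("delivered:", delivered)
```

Running the block prints one observation per relay: the guard sees traffic from the client bound for the middle relay, the middle sees guard-to-exit, and only the exit sees the destination and the payload. Note that, as in real Tor, the exit still sees the application payload; end-to-end confidentiality against the exit comes from the application layer (TLS to the site, or an .onion service), not from the circuit itself.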

Privacy

MOVEit Hackers Accessed Health Data of 'At Least' 8 Million Individuals (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. Virginia-based Maximus contracts with federal, state and local governments to manage and administer government-sponsored programs, such as Medicaid, Medicare, healthcare reform and welfare-to-work. In an 8-K filing on Wednesday, Maximus confirmed that the personal information of a "significant number" of individuals was accessed by hackers exploiting a zero-day vulnerability in MOVEit Transfer, which the organization uses to "share data with government customers pertaining to individuals who participate in various government programs."

While Maximus hasn't yet been able to confirm the exact number of individuals impacted -- something the company expects to take "several more weeks" -- the organization said it believes hackers accessed the personal data, including Social Security numbers and protected health information, of "at least" 8 to 11 million individuals. If the latter, this would make the breach the largest breach of healthcare data this year -- and the most significant data breach reported as a result of the MOVEit mass-hacks. Maximus has not confirmed which specific types of health data were accessed and has not responded to TechCrunch's questions. In its 8-K filing, the company said it began notifying impacted customers and federal and state regulators, adding that it expects the security incident to cost approximately $15 million to investigate and remediate. Clop, the Russia-linked data extortion group responsible for the MOVEit mass-hacks, claims to have stolen 169 gigabytes of data from Maximus, which it has not yet published.
The report notes that "more than 500 organizations have so far been impacted by the MOVEit mass-hacks, exposing the personal information of more than 34.5 million people."
Piracy

Sci-Hub's Alexandra Elbakyan Receives EFF Award For Providing Access To Scientific Knowledge (torrentfreak.com) 14

An anonymous reader quotes a report from TorrentFreak: The Electronic Frontier Foundation will award Alexandra Elbakyan, founder of the 'pirate' library Sci-Hub, for her efforts to provide access to scientific knowledge. According to EFF, Elbakyan's site is a vital resource for millions of students and researchers. Some medical professionals have even argued that the site helped to save lives. [...] "When I was working on my research project, I found out that all research papers I needed for work were paywalled. I was a student in Kazakhstan at the time and our university was not subscribed to anything," Alexandra told TorrentFreak years ago. Today, Sci-Hub continues to tear down academic paywalls but that comes at a cost. Sci-Hub has been sued several times and owes millions in damages to major publishers. In addition, Elbakyan also drew the attention of the FBI. Instead of throwing in the towel, Sci-Hub's founder continues to defend her ideals. They're a thorn in the side of major publishers, but on the other side of the debate, Elbakyan reaps praise.

This week, the Electronic Frontier Foundation (EFF) announced that Sci-Hub's founder will receive an award for her accomplishments in advancing access to scientific knowledge. EFF's awards are presented to people who have taken a leading role in the fight for freedom and innovation online. The previous winners include Internet pioneer Vint Cerf, Linux creator Linus Torvalds, and whistleblower Chelsea Manning. According to EFF, Elbakyan deserves the award as her life's work enables millions of people to access scientific knowledge that would otherwise exist beyond their financial reach. EFF also highlights that Elbakyan's work helps to challenge the current academic publishing system, where researchers are used as unpaid workhorses.
"Sci-Hub is used by millions of students, researchers, medical professionals, journalists, inventors, and curious people all over the world, many of whom provide feedback saying they are grateful for this access to knowledge," said the EFF.

"Some medical professionals have said Sci-Hub helps save human lives; some students have said they wouldn't be able to complete their education without Sci-Hub's help."
Privacy

US Spies Are Lobbying Congress To Save a Phone Surveillance 'Loophole' (wired.com) 30

An effort by United States lawmakers to prevent government agencies from domestically tracking citizens without a search warrant is facing opposition internally from one of its largest intelligence services. From a report: Republican and Democratic aides familiar with ongoing defense-spending negotiations in Congress say officials at the National Security Agency (NSA) have approached lawmakers charged with its oversight about opposing an amendment that would prevent it from paying companies for location data instead of obtaining a warrant in court. Introduced by US representatives Warren Davidson and Sara Jacobs, the amendment would prohibit US military agencies from "purchasing data that would otherwise require a warrant, court order, or subpoena" to obtain. The ban would cover more than half of the US intelligence community, including the NSA, the Defense Intelligence Agency, and the newly formed National Space Intelligence Center, among others.

The House approved the amendment in a floor vote over a week ago during its annual consideration of the National Defense Authorization Act, a "must-pass" bill outlining how the Pentagon will spend next year's $886 billion budget. Negotiations over which policies will be included in the Senate's version of the bill are ongoing. In a separate but related push last week, members of the House Judiciary Committee voted unanimously to advance legislation that would extend similar restrictions against the purchase of Americans' data across all sectors of government, including state and local law enforcement. Known as the "Fourth Amendment Is Not For Sale Act," the bill will soon be reintroduced in the Senate as well by one of its original 2021 authors, Ron Wyden, the senator's office confirmed. "Americans of all political stripes know their Constitutional rights shouldn't disappear in the digital age," Wyden says, adding that there is a "deep well of support" for enshrining protections against commercial data grabs by the government "into black-letter law."

Privacy

Worldcoin Being Probed by French Privacy Regulator for 'Questionable' Practises 6

Worldcoin (WLD), the eyeball-scanning crypto project launched by OpenAI's Sam Altman, is being investigated by French data protection regulator CNIL for "questionable" practises, the regulator told CoinDesk. From a report: "The legality of this [data] collection seems questionable, as do the conditions for preservation of biometric data," a CNIL spokesperson said in a written statement, referring to Worldcoin's practise of scanning retinas to ensure that no single person can claim crypto rewards twice.

"CNIL has initiated investigations," supporting the work of Bavarian privacy regulators who have primary responsibility under EU law, the spokesperson added. Worldcoin went live on Monday and its cheerleaders say it could spread crypto wider than bitcoin (BTC), but it has drawn the ire of privacy watchdogs in the U.K., where the Information Commissioner's Office has warned that people must freely give consent to the processing of their personal data, and be able to withdraw it without detriment.
Government

US Senate Panel Passes AM Radio, Ticket Fee Pricing Bills (reuters.com) 264

An anonymous reader quotes a report from Reuters: The U.S. Senate Commerce Committee approved legislation on Thursday to bar automakers from eliminating AM broadcast radio in new vehicles and require companies like Ticketmaster to put total ticket prices including fees in marketing materials. The AM radio bill and the ticket-pricing bill both had strong bipartisan support and both have companion measures in the House of Representatives. The AM radio bill would direct the Transportation Department to issue regulations mandating AM radio in new vehicles without additional charge. Senators said this year that at least seven automakers have removed AM broadcast radio from their electric vehicles, including Tesla, BMW, and Volkswagen. Ford reversed course in May under pressure from Congress. Lawmakers say losing AM radio undermines a federal system for delivering key public safety information to the public. The National Association of Broadcasters said the bill "will ensure that the tens of millions of AM radio listeners across the country retain access to local news, diverse community programming and emergency information." The Alliance for Automotive Innovation, a trade group representing major automakers, opposed the measure: "This is simply a bill to prop up and give preference to a particular technology that's now competing with other communications options and adapting to changing listenership."

The U.S. Senate Commerce Committee also approved two bills aimed at tightening privacy protections for children online.
Government

Senate Panel Advances Bill To Childproof the Internet (theverge.com) 80

An anonymous reader quotes a report from The Verge: Congress is closer than ever to passing a pair of bills to childproof the internet after lawmakers voted to send them to the floor Thursday. The bills -- the Kids Online Safety Act (KOSA) and COPPA 2.0 -- were approved by the Senate Commerce Committee Thursday by a unanimous voice vote. Both pieces of legislation aim to address an ongoing mental health crisis amongst young people that some lawmakers blame social media for intensifying. But critics of the bills have long argued that they have the potential to cause more harm than good, like forcing social media platforms to collect more user information to properly enforce Congress' rules.

KOSA is supposed to establish a new legal standard for the Federal Trade Commission and state attorneys general, allowing them to police companies that fail to prevent kids from seeing harmful content on their platforms. The authors of the bills, Sen. Marsha Blackburn (R-TN) and Richard Blumenthal (D-CT), have said the bill keeps kids from seeing content that glamorizes eating disorders, suicidal thoughts, substance abuse, and gambling. It would also ban kids 13 and under from using social media and require companies to acquire parental consent before allowing children under 17 to use their platforms. At Thursday's markup, Blackburn proposed an amendment to remedy some of the concerns raised by digital rights groups, mainly language requiring platforms to verify the age of their users. Lawmakers approved those changes along with the bill, but the groups fear that platforms would still need to collect more data on all users to live up to the bill's other rules. [...] The other bill lawmakers approved, COPPA 2.0, raises the age of protection under the Children's Online Privacy Protection Act from 13 to 16 years of age, along with similar age-gating restrictions. It also bans platforms from targeting ads to kids.
"When it comes to determining the best way to help kids and teens use the internet, parents and guardians should be making those decisions, not the government," Carl Szabo, NetChoice vice president and general counsel, said. "Rather than violating free speech rights and handing parenting over to bureaucrats, we should empower law enforcement with the resources necessary to do its job to arrest and convict bad actors committing online crimes against children."
IOS

Android Phones Can Now Tell You If There's an AirTag Following You 63

An anonymous reader quotes a report from Ars Technica: When Google announced that trackers would be able to tie in to its 3 billion-device Bluetooth tracking network at its Google I/O 2023 conference, it also said that it would make it easier for people to avoid being tracked by trackers they don't know about, like Apple AirTags. Now Android users will soon get these "Unknown Tracker Alerts." Based on the joint specification developed by Google and Apple, and incorporating feedback from tracker-makers like Tile and Chipolo, the alerts currently work only with AirTags, but Google says it will work with tag manufacturers to expand its coverage.

For now, if an AirTag you don't own "is separated from its owner and determined to be traveling with you," a notification will tell you this and that "the owner of the tracker can see its location." Tapping the notification brings up a map tracing back to where it was first seen traveling with you. Google notes that this location data "is always encrypted and never shared with Google." Further into the prompts, you can make the tracker play a sound, "without the owner of the tracker knowing," Google says. If you bring the tracker to the back of your phone (presumably within NFC range), some trackers may provide their serial number and information about their owner, "like the last four digits of their phone number." Google indicates it will also link to information about how to physically disable a tracker. Finally, Google is offering a manual scan feature, if you're suspicious that your Android phone isn't catching a tracker or want to see what's nearby. The alerts are rolling out through a Google Play services update to devices on Android 6.0 and above over the coming weeks.
Google is working to finish the joint tracking specification "by the end of this year."

The company added: "At this time, we've made the decision to hold the rollout of the Find My Device network until Apple has implemented protections for iOS."
Government

UFO Reports Demand Greater Transparency, Lawmakers Say (washingtonpost.com) 79

An hours-long discussion on Capitol Hill captured the intensifying public interest in the unexplained and how authorities investigate such reports. From a report: A small group of House lawmakers called Wednesday for greater transparency in the government's reporting on encounters with unidentified phenomena, in an unusual congressional hearing featuring the testimony of UFO witnesses. But the hearing, which one freshman Democrat remarked was the most bipartisan discussion he'd seen in his seven months on Capitol Hill, oscillated between statements of concern about the potential national security threat posed by unknown objects flying close to U.S. military aircraft and more extreme allusions to government conspiracies to hide the existence of alien lifeforms. Convened by a House Oversight subcommittee, the hours-long discussion captured the intensifying public interest in the unexplained and what federal authorities are doing to document and investigate such reports.

"We're not bringing little green men or flying saucers into the hearing -- sorry to disappoint about half y'all," Rep. Tim Burchett (R-Tenn.) said. "We're just going to get to the facts. We're going to uncover the cover up." In response to reported encounters by Navy pilots, the U.S. military and the intelligence community have sought to more closely analyze such incidents. The sightings, including some that are believed to be drones or unmanned craft -- like the Chinese surveillance airship shot down in U.S. airspace earlier this year -- have fueled concerns that American adversaries could have developed new technologies that pose a threat to U.S. security. The Pentagon has implemented new policies meant to encourage military personnel to come forward if they see something unusual so it can be investigated and accounted for, and last year established what it calls the All-domain Anomaly Resolution Office to further study such reports. NASA has undertaken a similar independent initiative.

Bitcoin

Binance, Billionaire Zhao To Seek Dismissal of CFTC Lawsuit (bloomberg.com) 17

Binance, its founder Changpeng Zhao and the crypto exchange's former Chief Compliance Officer Samuel Lim plan to seek the dismissal of a Commodity Futures Trading Commission lawsuit. From a report: The response to the CFTC complaint is due July 27 and the defendants intend to submit motions to dismiss, according to a court filing on Monday. They also sought permission to exceed a 15-page limit on supporting briefs, citing the complexity of the case and the number of arguments they anticipate making. The CFTC in March alleged that Binance and CEO Zhao, also known as CZ, routinely broke US derivatives rules as the firm grew to be the world's largest digital-asset trading platform.

Binance should have registered with the agency years ago and continues to violate the CFTC's rules, the regulator said at the time. The crypto platform previously described the CFTC lawsuit as "unexpected and disappointing." The US Securities & Exchange Commission last month accused Binance and Zhao of mishandling customer funds, misleading investors and regulators, and breaking securities rules. Binance has said that it intends to defend its platform "vigorously."

Google

Google Owes $338.7 Million in Chromecast Patent Case, US Jury Says (reuters.com) 92

Alphabet's Google violated a software developer's patent rights with its remote-streaming technology and must pay $338.7 million in damages, a federal jury in Waco, Texas decided on Friday. From a report: The jury found that Google's Chromecast and other devices infringe patents owned by Touchstream Technologies related to streaming videos from one screen to another. Google spokesperson Jose Castaneda said on Monday that the company will appeal the verdict and has "always developed technology independently and competed on the merits of our ideas." Touchstream attorney Ryan Dykal said on Monday that Touchstream was pleased with the verdict. New York-based Touchstream, which also does business as Shodogg, said in its 2021 lawsuit that founder David Strober invented technology in 2010 to "move" videos from a small device like a smartphone to a larger device like a television.
AI

Is AI Training on Libraries of Pirated Books? (nytimes.com) 96

The New York Times points out that so-called "shadow libraries," like Library Genesis, Z-Library or Bibliotik, "are obscure repositories storing millions of titles, in many cases without permission — and are often used as A.I. training data." A.I. companies have acknowledged in research papers that they rely on shadow libraries. OpenAI's GPT-1 was trained on BookCorpus, which has over 7,000 unpublished titles scraped from the self-publishing platform Smashwords. To train GPT-3, OpenAI said that about 16 percent of the data it used came from two "internet-based books corpora" that it called "Books1" and "Books2." According to a lawsuit by the comedian Sarah Silverman and two other authors against OpenAI, Books2 is most likely a "flagrantly illegal" shadow library.

These sites have been under scrutiny for some time. The Authors Guild, which organized the authors' open letter to tech executives, cited studies in 2016 and 2017 that suggested text piracy depressed legitimate book sales by as much as 14 percent.

Efforts to shut down these sites have floundered. Last year, the F.B.I., with help from the Authors Guild, charged two people accused of running Z-Library with copyright infringement, fraud and money laundering. But afterward, some of these sites were moved to the dark web and torrent sites, making it harder to trace them. And because many of these sites are run outside the United States and anonymously, actually punishing the operators is a tall task.

Tech companies are becoming more tight-lipped about the data used to train their systems.

AI

AI Watches Millions of Cars and Tells Cops if You Might Be a Criminal (forbes.com) 155

Forbes' senior writer on cybersecurity writes on the "warrantless monitoring of citizens en masse" in the United States.

Here's how county police armed with a "powerful new AI tool" identified the suspicious driving pattern of a grey Chevy owned by David Zayas: Searching through a database of 1.6 billion license plate records collected over the last two years from locations across New York State, the AI determined that Zayas' car was on a journey typical of a drug trafficker. According to a Department of Justice prosecutor filing, it made nine trips from Massachusetts to different parts of New York between October 2020 and August 2021 following routes known to be used by narcotics pushers and for conspicuously short stays. So on March 10 last year, Westchester PD pulled him over and searched his car, finding 112 grams of crack cocaine, a semiautomatic pistol and $34,000 in cash inside, according to court documents. A year later, Zayas pleaded guilty to a drug trafficking charge.

The previously unreported case is a window into the evolution of AI-powered policing, and a harbinger of the constitutional issues that will inevitably accompany it... Westchester PD's license plate surveillance system was built by Rekor, a $125 million market cap AI company trading on the NASDAQ. Local reporting and public government data reviewed by Forbes show Rekor has sold its ALPR tech to at least 23 police departments and local governments across America, from Lauderhill, Florida to San Diego, California. That's not including more than 40 police departments across New York state who can avail themselves of Westchester County PD's system, which runs out of its Real-Time Crime Center... It also runs the Rekor Public Safety Network, an opt-in project that has been aggregating vehicle location data from customers for the last three years, since it launched with information from 30 states that, at the time, were reading 150 million plates per month. That kind of centralized database, with cross-state data sharing, has troubled civil rights activists, especially in light of recent revelations that Sacramento County Sheriff's Office was sharing license plate reader data with states that have banned abortion...

The ALPR market is growing thanks to a glut of Rekor rivals, including Flock, Motorola, Genetec, Jenoptik and many others who have contracts across federal and state governments. They're each trying to grab a slice of a market estimated to be worth at least $2.5 billion... In pursuit of that elusive profit, the market is looking beyond law enforcement to retail and fast food. Corporate giants have toyed with the idea of tying license plates to customer identities. McDonald's and White Castle have already begun using ALPR to tailor drive-through experiences, detecting returning customers and using past orders to guide them through the ordering process or offer individualized promotion offers. The latter restaurant chain uses Rekor tech to do that via a partnership with Mastercard.

A senior staff attorney at the ACLU tells Forbes that "The scale of this kind of surveillance is just incredibly massive."

Thanks to long-time Slashdot reader Geek_Cop for sharing the article.
Iphone

Russia Bans Thousands of Officials From Using iPhones Over Spying Fears (gizmodo.com) 109

Gizmodo reports: Thousands of top Russian officials and state employees have reportedly been banned from using iPhones and other Apple products over concerns they could serve as surreptitious spying tools for Western intelligence agencies...

Russia's trade minister, according to a Financial Times report, said the new ban will take effect Monday, July 17. The move affects a variety of Apple products from iPhones, iPads, and laptops, and builds off of similar restrictions already put in place by the digital development ministry and state-owned defense conglomerate Rostec. Kremlin officials also advised staff working on Vladimir Putin's 2024 presidential re-election campaign against using a variety of US-developed smartphones over similar espionage concerns earlier this year...

Russian intelligence officials last month accused the US National Security Agency of hacking into thousands of Russian-owned iPhones and targeting the phones of foreign diplomats based in Russia... To be clear, Russian officials still haven't provided any clear evidence proving the alleged US conspiracy. Apple has also publicly denied the claims and recently told the Times it "has never worked with any government to build a backdoor into any Apple product, and never will."

The Financial Times got a skeptical response to that from Dmitry Medvedev, deputy head of Russia's Security Council and one of the country's fiercest hardliners. "When a big tech company ... claims it does not co-operate with the intelligence community — either it lies shamelessly or it is about to [go bust]."

Thanks to Slashdot reader dovthelachma for sharing the news.
Privacy

Roblox Data Leak Sees 4,000 Developer Profiles Including Identifying Information Made Public (pcgamer.com) 10

Gaming platform Roblox has suffered a major data breach that exposed personal information, including home addresses, of people who attended the Roblox Developer Conference between 2017 and 2020. PCGamer reports: The leak contains almost 4,000 names, phone numbers, email addresses, dates of birth, and physical addresses. Such identifying information is gold dust for bad actors, and raises serious questions about the data security of one of the largest gaming platforms around. The website haveibeenpwned says the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual's t-shirt size.

The implications of this for those affected are identity theft and scams, with the quantity of data especially worrying: this is basically all you need to effectively impersonate someone. Beyond the above statement, Roblox has made no further comment, and it's likely that the ramifications of this will continue to unfold for some time, especially if anyone on the list is indeed targeted. Anyone concerned should search on haveibeenpwned and enable two-factor authentication on all accounts (as well as keeping an especially close eye on bank transactions for a while). Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn't spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.
"Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community," said a Roblox spokesperson to PC Gamer. "We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors."
Emulation (Games)

Dolphin Emulator Abandons Steam Release Plans After Nintendo Legal Threat (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: A few months ago, the developers behind the Wii/GameCube emulator Dolphin said they were indefinitely postponing a planned Steam release, after Steam-maker Valve received a request from Nintendo to take down the emulator's "coming soon" page. This week, after consulting with a lawyer, the team says it has decided to abandon its Steam distribution plans altogether. "Valve ultimately runs the store and can set any condition they wish for software to appear on it," the team wrote in a blog post on Thursday. "In the end, Valve is the one running the Steam storefront, and they have the right to allow or disallow anything they want on said storefront for any reason."

The Dolphin team also takes pains to note that this decision was not the result of an official DMCA notice sent by Nintendo. Instead, Valve reached out to Nintendo to ask about the planned Dolphin release, at which point a Nintendo lawyer cited the DMCA in asking Valve to take down the page. At that point, the Dolphin team says, Valve "told us that we had to come to an agreement with Nintendo in order to release on Steam... But given Nintendo's long-held stance on emulation, we find Valve's requirement for us to get approval from Nintendo for a Steam release to be impossible. Unfortunately, that's that." "As for Nintendo, this incident just continues their existing stance towards emulation," the post continues. "We don't think that this incident should change anyone's view of either company."

Despite the disappointing result for the Steam release, the Dolphin team is adamant that "we do not believe that Dolphin is in any legal danger." That's despite the emulator's inclusion of the Wii Common Key, which could run afoul of the DMCA's anti-circumvention provisions. The Dolphin Team notes that the Wii Common Key has been freely shared across the Internet since its initial discovery and publication in 2008. And while that key has been in the Dolphin code base since 2009, "no one has really cared," the team writes. [...] With what they believe is a firm legal footing, the team writes that Dolphin development will continue away from Steam, but including a number of UI and quality of life features originally designed for the Steam release. Meanwhile, emulators like RetroArch and the innovative 3dSen continue to be available on Steam, with no immediate sign of a further crackdown from Valve or Nintendo.

Government

Hacking of Government Email Was Traditional Espionage, NSA Official Says (nytimes.com) 20

The hack of Microsoft's cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said. From a report: Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other. "It is China doing espionage," Mr. Joyce said. "It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens."

The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns's emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter. Daniel J. Kritenbrink, the assistant secretary of state for East Asia, also had his email hacked, a U.S. official said. The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.

Government

OpenAI, Microsoft, Google, Meta and Amazon Pledge To Watermark AI Content For Safety, White House Says (reuters.com) 47

Top AI companies including OpenAI, Alphabet and Meta Platforms have made voluntary commitments to the White House to implement measures such as watermarking AI-generated content to help make the technology safer, the Biden administration said on Friday. From a report: The companies -- which also include Anthropic, Inflection, Amazon.com and OpenAI partner Microsoft -- pledged to thoroughly test systems before releasing them and share information about how to reduce risks and invest in cybersecurity.

The move is seen as a win for the Biden administration's effort to regulate the technology which has experienced a boom in investment and consumer popularity. Since generative AI, which uses data to create new content like ChatGPT's human-sounding prose, became wildly popular this year, lawmakers around the world began considering how to mitigate the dangers of the emerging technology to national security and the economy.

Piracy

70% of Russian Gamers Are Pirates Following Western Publisher Exodus (torrentfreak.com) 93

According to a new study from online game development platform School XYZ, the exodus of major international video game publishers from Russia led to a sharp rise in the number of video gamers playing pirated games. TorrentFreak reports: Almost seven out of ten video gamers (69%) said they'd played at least one pirated copy in 2022, and more than half (51%) said that they're now pirating more than they did in 2021. As first reported by the Russian news outlet Vedomosti (paywall), the study was conducted across all regions of Russia and took into account all unlicensed game formats, in most cases downloaded from torrent sites. While over a quarter of respondents (27%) said they'd pirated three PC games in 2022, and 20% confessed to pirating more than 10, other figures from the study are more positive. Of the 31% of gamers who reported pirating nothing in 2022, all said that they were opposed to piracy. Just 7% of gamers admitted to buying no games at all in 2022, meaning that 93% bought at least one piece of legitimate content.

According to Alexander Kuzmenko, the former editor of Russian videogame magazine and gaming website Igromania (Game Mania), it's not just the departure of publishers including Sony, Microsoft, and Nintendo causing problems for gamers. When platforms like Steam and GOG, known for their ease of access, stopped supporting Russian bank cards, barriers appeared in a previously frictionless system. Yegor Tomsky, CEO at Watt Studio, agrees that buying content has become much more difficult. "Players are used to buying games on Steam in one click, and now, to buy a game, you need to perform the same actions as when downloading a pirated version, so everyone chooses to save money," Tomsky says.

As the Russian economy faces huge difficulties directly linked to the invasion of Ukraine, some fear that game piracy rates are heading towards the 90%+ mark last seen around two decades ago. People everywhere are trying to save money and according to Konstantin Sakhnov, co-founder of Vengeance Games, overseas game publishers may see lost profits reach $200-$300 million. A report from Kommersant published today indicates that local companies are also feeling the pain. According to data published by job search platform HH.ru, during the first half of 2023 the number of vacancies for video game developers in Russia plummeted 38%.

Security

Firmware Vulnerabilities In Millions of Computers Could Give Hackers Superuser Status (arstechnica.com) 23

Researchers have warned that firmware source code leaked in a ransomware attack on hardware-maker Gigabyte two years ago contains critical zero-day vulnerabilities that pose a significant risk to the computing world. The vulnerabilities were found in firmware made by AMI for BMCs (baseboard management controllers), which are small computers integrated into server motherboards allowing remote management of multiple computers. These vulnerabilities, which can be exploited by local or remote attackers with access to Redfish remote management interfaces, could lead to unauthorized access, remote code execution, and potential physical damage to servers. Ars Technica reports: Until the vulnerabilities are patched using an update AMI published on Thursday, they provide a means for malicious hackers -- whether financially motivated or nation-state sponsored -- to gain superuser status inside some of the most sensitive cloud environments in the world. From there, the attackers could install ransomware and espionage malware that runs at some of the lowest levels inside infected machines. Successful attackers could also cause physical damage to servers or indefinite reboot loops that a victim organization can't interrupt. Eclypsium warned such events could lead to "lights out forever" scenarios.

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't. The researchers privately notified AMI of the vulnerabilities, and the company created firmware patches, which are available to customers through a restricted support page. AMI has also published an advisory.
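The practical first step after an advisory like this is knowing which BMCs you have and what firmware they run, and the same Redfish interface the attackers would use is the quickest way to find out. The script below is an added example, not code from Ars Technica, Eclypsium or AMI: it walks the standard DMTF Redfish Managers collection, records each BMC's Model and FirmwareVersion, and flags any BMC whose version is older than the fixed version you supply. The fixed-version strings must come from AMI's advisory (the "1.3.0" in the demo is a placeholder), the `Sample-BMC` model string and the JSON tree are constructed, and the version comparison assumes dotted numeric versions, which is an assumption about the vendor's numbering rather than a documented rule.

```python
"""Inventory BMC firmware versions over Redfish and flag unpatched ones.

Added example; not code from Ars Technica, Eclypsium or AMI.  Assumes the
BMC serves the standard DMTF Redfish tree (/redfish/v1/Managers) and the
Manager schema's Model and FirmwareVersion properties.  Fixed versions are
supplied by the caller from the vendor advisory.  SAMPLE_TREE is constructed.
"""
import json
import re
import ssl
import urllib.request
from base64 import b64encode


def redfish_fetcher(base_url, user, password, verify_tls=True):
    """Return fetch(path) -> dict that GETs a Redfish resource with basic auth.

    BMCs commonly ship self-signed certificates; verification is only turned
    off when the caller opts in explicitly.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = b64encode(f"{user}:{password}".encode()).decode()

    def fetch(path):
        req = urllib.request.Request(base_url + path)
        req.add_header("Authorization", "Basic " + token)
        req.add_header("Accept", "application/json")
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return json.load(resp)

    return fetch


def version_tuple(version):
    """Leading digits of each dot-separated piece: '1.14.0-build7' -> (1, 14, 0)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_older(current, fixed):
    """True if `current` sorts before `fixed` after zero-padding to equal length."""
    a, b = version_tuple(current), version_tuple(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def manager_summary(manager):
    """Keep only the Manager fields needed to decide whether to patch."""
    return {
        "id": manager.get("Id"),
        "type": manager.get("ManagerType"),
        "model": manager.get("Model"),
        "firmware": manager.get("FirmwareVersion"),
    }


def inventory(fetch):
    """Walk the Managers collection and summarise every BMC it lists."""
    collection = fetch("/redfish/v1/Managers")
    return [manager_summary(fetch(m["@odata.id"]))
            for m in collection.get("Members", [])]


def needs_patch(summaries, fixed_by_model):
    """BMCs whose firmware is older than the advisory's fixed version.

    `fixed_by_model` maps a Model string to the fixed version.  BMCs with an
    unknown model or no reported version are flagged too: unknown is not safe.
    """
    flagged = []
    for s in summaries:
        fixed = fixed_by_model.get(s["model"])
        if fixed is None or s["firmware"] is None or is_older(s["firmware"], fixed):
            flagged.append(s)
    return flagged


# Constructed sample tree standing in for a live BMC (offline demo).
SAMPLE_TREE = {
    "/redfish/v1/Managers": {
        "Members": [{"@odata.id": "/redfish/v1/Managers/BMC"}]
    },
    "/redfish/v1/Managers/BMC": {
        "Id": "BMC",
        "ManagerType": "BMC",
        "Model": "Sample-BMC",        # hypothetical model string
        "FirmwareVersion": "1.2.3",   # hypothetical version string
    },
}


def sample_fetch(path):
    return SAMPLE_TREE[path]


if __name__ == "__main__":
    # Live use: fetch = redfish_fetcher("https://bmc.example.internal", "admin", "secret")
    bmcs = inventory(sample_fetch)
    for bmc in needs_patch(bmcs, {"Sample-BMC": "1.3.0"}):   # 1.3.0 is a placeholder
        print("PATCH:", bmc)
```

Run it from the management network only: the report's point is that anyone who can reach Redfish can attack the BMC, so the interface should not be reachable from production or user networks at all, and a version inventory is not a substitute for confirming that. The check says nothing about whether a BMC has already been exploited; that needs the vendor's firmware image verification and a look at the BMC's own logs.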

Government

IRS Moves Forward With a New Free-File Tax Return System (pbs.org) 122

An anonymous reader quotes a report from PBS: An IRS plan to test drive a new electronic free-file tax return system next year has got supporters and critics of the idea mobilizing to sway the public and Congress over whether the government should set up a permanent program to help people file their taxes without needing to pay somebody else to figure out what they owe. On one side, civil society groups this week launched a coalition to promote the move toward a government-run free-file program. On the other, tax preparation firms like Intuit -- the parent company of TurboTax -- and H&R Block have been pouring millions into trying to stop the idea cold. The advocacy groups are exponentially out-monied.

An April AP analysis found that overall, Intuit, H&R Block, and other private companies and advocacy groups for large tax preparation businesses, as well as proponents in favor of electronic free file, have reported spending $39.3 million since 2006 to lobby on "free-file" and other matters. Federal law doesn't require domestic lobbyists to itemize expenses by specific issue, so the sums are not limited to free-file. Intuit spent at least $25.6 million since 2006 on lobbying, H&R Block about $9.6 million and the conservative Americans for Tax Reform roughly $3 million. In contrast, the NAACP has spent $140,000 lobbying on "free-file" since 2006 and Public Citizen has spent $110,000 in the same time frame. "What we have on our side is public opinion," said Igor Volsky, executive director of the liberal Groundwork Action advocacy group. Volsky's organization and leaders from Public Citizen, the Center for the Study of Social Policy, Code for America, the Economic Security Project and others launched the "Coalition for Free and Fair Filing" on Wednesday. The group's mission is to "ensure all U.S. taxpayers can easily file tax returns and get the tax credits they deserve by safeguarding and expanding" the new IRS program. "The overwhelming majority of people demand a free-file option," Volsky said. "Now the question for us is how do you channel that into effective political pressure."

The IRS in May released a report that said most taxpayers are interested in filing their taxes directly to the IRS for free, and concurrently announced plans to launch the pilot program for the 2024 filing season. The goal is to test a direct file system that will help the IRS decide whether to move forward with a more permanent program. That idea has faced the immediate threat of budget cuts from congressional Republicans. Republicans on the House Appropriations Committee in June proposed a budget rider that would prohibit funds to be used for the IRS to create a government-run tax preparation software, unless approved by a group of House and Senate committees. The move "safeguards the IRS from an obvious conflict of interest where the tax collector becomes the tax preparer," the bill's summary states.

Google

Google Starts the GA Rollout of Its Privacy Sandbox APIs To All Chrome Users (techcrunch.com) 11

Google continues the rollout of its Privacy Sandbox APIs -- its replacement for tracking cookies for the online advertising industry. From a report: Today, right on schedule and in time for the launch of Chrome 115 into the stable release channel, Google announced that it will now start enabling the relevance and measurement APIs in its browser. This will be a gradual rollout, with Google aiming for a 99% availability by mid-August. At this point, Google doesn't expect to make any major changes to the APIs. This includes virtually all of the core Privacy Sandbox features, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames. It's worth noting that for the time being, Privacy Sandbox will run in parallel with third-party cookies in the browser. It won't be until early 2024 that Google will deprecate third-party cookies for 1% of Chrome users. After that, the process will speed up though and Google will deprecate these cookies for all users by the second half of 2024.
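Each of the APIs named above is gated by a Permissions-Policy feature, so a site that does not want Chrome running Topics, Protected Audience, Attribution Reporting, Private Aggregation or Shared Storage in its pages opts out with a response header, and an auditor can read the same header to see what a site has done. The following is an added example, not code from TechCrunch or Google: it parses a Permissions-Policy header value and classifies each Privacy Sandbox feature as disabled, allowed, restricted to listed origins, or left at Chrome's default. The feature names in `SANDBOX_FEATURES` are taken from Chrome's documentation for these APIs and are an assumption of the example, as is the header grammar it handles; the sample headers are constructed.

```python
"""Check a Permissions-Policy header against the Privacy Sandbox APIs.

Added example; not code from TechCrunch or Google.  Assumes the
policy-controlled feature names Chrome documents for these APIs (see
SANDBOX_FEATURES) and the header grammar: comma-separated feature=allowlist
members, where the allowlist is '*', a single token, or a parenthesised,
space-separated list of 'self' and quoted origins; '()' disables the feature.
Sample headers below are constructed.
"""

# Policy-controlled feature -> Privacy Sandbox API named in the report.
# Fenced Frames has no feature of its own; it is used by Protected Audience.
SANDBOX_FEATURES = {
    "browsing-topics": "Topics",
    "join-ad-interest-group": "Protected Audience",
    "run-ad-auction": "Protected Audience",
    "attribution-reporting": "Attribution Reporting",
    "private-aggregation": "Private Aggregation",
    "shared-storage": "Shared Storage",
}


def parse_permissions_policy(header):
    """Parse a Permissions-Policy value into {feature: allowlist}.

    Allowlist tokens are '*', 'self', 'src' or origins (quotes stripped);
    an empty list means the feature is disabled in every frame.
    A member with no value (structured-field boolean true) is treated as '*'.
    """
    policy = {}
    for raw in header.split(","):
        item = raw.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or value == "*":
            allow = ["*"]
        elif value.startswith("(") and value.endswith(")"):
            allow = [tok.strip('"') for tok in value[1:-1].split()]
        else:
            allow = [value.strip('"')]
        policy[name] = allow
    return policy


def sandbox_status(header):
    """Classify each Privacy Sandbox feature from a Permissions-Policy header.

    Returns {feature: 'disabled' | 'allowed' | 'restricted' | 'default'}.
    'default' means the header does not mention the feature, so Chrome's
    built-in default allowlist for that feature applies.
    """
    policy = parse_permissions_policy(header or "")
    status = {}
    for feature in SANDBOX_FEATURES:
        allow = policy.get(feature)
        if allow is None:
            status[feature] = "default"
        elif not allow:
            status[feature] = "disabled"
        elif "*" in allow:
            status[feature] = "allowed"
        else:
            status[feature] = "restricted"
    return status


def opt_out_header():
    """Permissions-Policy value that disables every feature in SANDBOX_FEATURES."""
    return ", ".join(f"{feature}=()" for feature in SANDBOX_FEATURES)


if __name__ == "__main__":
    # Constructed header: a site that blocked Topics and kept interest-group
    # joins to its own origin, leaving the other features at Chrome's default.
    sample = 'browsing-topics=(), join-ad-interest-group=(self), geolocation=()'
    for feature, state in sandbox_status(sample).items():
        print(f"{feature:24} {SANDBOX_FEATURES[feature]:22} {state}")
    print("\nopt-out header:\n  Permissions-Policy:", opt_out_header())
```

The header only governs the documents that send it and the frames they embed; it says nothing about what embedded third-party scripts do elsewhere, and "default" is not "off", since several of these features are allowed for the page's own origin unless the header says otherwise.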
Government

Senators Unveil Measure To Ban Stock Ownership By Lawmakers, Administration Officials (thehill.com) 100

A bipartisan pair of senators unveiled a bill Wednesday to ban stock ownership by lawmakers and administration officials. The Hill reports: The bill, introduced by Sens. Kirsten Gillibrand (D-N.Y.) and Josh Hawley (R-Mo.), would establish firmer stock trading bans and disclosure requirements for lawmakers, senior executive branch officials and their spouses and dependents. The bill would ban congressional members, the president, vice president, senior executive branch members, and their spouses and dependents from holding or trading stocks, with no exception for blind trusts. Congressional members who violate this ban would be required to pay at least 10 percent of the banned investments.

The legislation also establishes harsh penalties for executive branch stock trading, requiring executive branch officials to give up profits from covered finance interests to the Department of Treasury, while also facing a fine from the Automatic Special Counsel. Congressional members, senior congressional staff and senior executive branch employees would also be required to report if they, a spouse or a dependent applies for or receives a "benefit of value" from the federal government, including loans, contracts, grants, agreements and payments. If they fail to file, they will face a $500 penalty.

The bill aims to increase transparency, requiring public databases of personal financial disclosures and financial transaction filings required by the STOCK Act, which prohibits members of Congress from using insider information when buying and selling stocks. The penalty for failing to file STOCK Act transaction reports would also increase from $200 to $500.

Security

US Government Launches Its Long-Awaited IoT Security Labeling Program (techcrunch.com) 22

An anonymous reader quotes a report from TechCrunch: The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans against the myriad of security risks associated with internet-connected devices. The program, officially named the "U.S. Cyber Trust Mark," aims to help Americans ensure they are buying internet-connected devices that include strong cybersecurity protections against cyberattacks. The Internet of Things, a term encompassing everything from fitness trackers and routers to baby monitors and smart refrigerators, has long been considered a weak cybersecurity link. Many devices ship with easy-to-guess default passwords and lack regular security updates, putting consumers at risk of being hacked.

The Biden administration says its voluntary Energy Star-influenced labeling system will "raise the bar" for IoT security by enabling Americans to make informed decisions about the security credentials of the internet-connected devices they buy. The U.S. Cyber Trust Mark will take the form of a distinct shield logo, which will appear on products that meet established cybersecurity criteria. These criteria, established by the National Institute of Standards and Technology (NIST), will require, for example, that devices require unique and strong default passwords, protect both stored and transmitted data, offer regular security updates, and ship with incident detection capabilities.

The full list of standards is not yet finalized. The White House said that NIST will immediately start work on defining cybersecurity standards for "higher-risk" consumer-grade routers, devices that attackers frequently target to steal passwords and create botnets that can be used to launch distributed denial-of-service (DDoS) attacks. This work will be completed by the end of 2023, with the aim that the initiative will cover these devices when it launches in 2024. In a call with reporters, the White House confirmed that the Cyber Trust Mark will also include a QR code that will link to a national registry of certified devices and provide up-to-date security information, such as software updating policies, data encryption standards and vulnerability remediation.
Amazon and Best Buy are some of the first major U.S. retailers to have signed up for the initiative. Others include Cisco, Google, LG, Qualcomm and Samsung.

The U.S. Department of Energy also said it is working with industry partners to develop cybersecurity labeling requirements for smart meters and power inverters.

Privacy

Footage From Amazon's In-Van Surveillance Cameras Is Leaking Online (vice.com) 25

An anonymous reader quotes a report from Motherboard: A phone-recorded video posted to Reddit shows a wooden desk strewn with various office supplies. On a monitor on the desk, a video begins to play: an Amazon delivery driver, being recorded by a driver-facing camera in their van, leans out of their window to talk to a customer. Though the video is cute, the setup is not: The camera's AI tracks their movements, surrounding them with a bright green box. Below them on the monitor's screen, a yellow line marks the length of the clip sent to the driver's dispatcher. Above them sits a timecode and a speed marker of "0 MPH." The driver opens their door, and moments later, a small French bulldog leaps into the van, tail wagging. The driver is delighted. The person behind the camera laughs a little. [...] The desk set-up looks consistent with that of an Amazon delivery service partner (DSP), the small-business contractors responsible for Amazon's door-to-door deliveries. The DSPs usually operate out of Amazon delivery warehouses, where they are given a desk like the one in the video, in a small area of the warehouse, out of which they select routes, dispatch drivers, and monitor their actions on the road with the help of the cameras.

The video is one of a slew of in-van surveillance videos recently posted to Reddit, a phenomenon which hasn't frequently been seen on the site before. Over the past two weeks, many users in the Amazon delivery service partner drivers subreddit (r/AmazonDSPDrivers) have shared video footage from the cameras, either directly or by recording it on their phone from a monitor within the warehouse. It is clear that many of the videos are not being posted by the subject of the video themselves, which highlights the fact that Amazon drivers, who already have incredibly difficult jobs, are being monitored at all times.

When Motherboard first wrote about the "Biometric Consent" form drivers had to sign that allows them to be monitored while on the job, Amazon insisted that the program was about safety only, and that workers shouldn't be worried about their privacy: "Don't believe the self-interested critics who claim these cameras are intended for anything other than safety," a spokesperson told us at the time. But this video, and a rash of others that have recently become public, shows that access to the camera feeds is being abused. [...] It's not clear why there has been a sudden spate of videos being posted publicly. One current Amazon delivery driver said that the drivers themselves did not have access to the videos -- only Amazon, Netradyne, and the relevant DSPs did.

Facebook

Meta Faces a $100,000 Daily Fine If It Doesn't Fix Privacy Issues In Norway (engadget.com) 26

Norway's data protection regulator has accused Meta of violating user privacy by tracking their activities, threatening to fine the company $100,000 per day if it fails to take corrective action. "It is so clear that this is illegal that we need to intervene now and immediately," said Tobias Judin, head of Norway's privacy commission, Datatilsynet. Engadget reports: The move follows a European court ruling banning Meta from harvesting user data like location, behavior and more for advertising. Datatilsynet has referred its actions to Europe's Data Protection Board, which could widen the fine across Europe. The aim is to put "additional pressure" on Meta, Judin said. (Norway is a member of the European single market, but not technically an EU member.)

Meta told Reuters that it's reviewing Datatilsynet's decision and that the decision wouldn't immediately impact its services. "We continue to constructively engage with the Irish DPC, our lead regulator in the EU, regarding our compliance with its decision," a spokesperson said. "The debate around legal bases has been ongoing for some time and businesses continue to face a lack of regulatory certainty in this area."
