Tom Perkins writes via The Guardian: Almost half of a federal government panel that helps develop US nutritional guidelines has significant ties to big agriculture, ultra-processed food companies, pharmaceutical companies and other corporate organizations with a significant stake in the process's outcome. The revelation is part of a new report from US Right to Know, a government transparency group that looked for ties to corporate interests among the 20-member panel of food and nutrition experts that makes recommendations for updating the US government's official dietary guidelines.

It found nine members had ties to Nestle, Pfizer, Coca-Cola, the National Egg Board and other prominent food lobby groups, among others. The findings raise questions about whether the panel is looking out for Americans' health or corporate profits, and "erodes confidence in dietary guidelines," said Gary Ruskin of US Right to Know. "Millions of Americans' lives are affected by this report and it's crucial that the report tell the truth to American people and it's not degraded into another sales pitch for big food and big pharma," he said. [...]

"The guidelines affect the entire US food system quite strongly," Ruskin said. US Right to Know scoured public records dating back five years for conflicts of interest among the 20 panel members. In addition to the nine it found with "high-risk conflicts of interest" and connections to the food and drug industry, it found four more members who have possible conflicts of interest. It applauded the agencies for appointing seven members who did not appear to have any conflicts. At least four panelists have connections to at least two companies each among Abbott, Novo Nordisk, the National Dairy Council, Eli Lilly and Weight Watchers International. One panel member has received about $240,000 in grant funding from Eli Lilly.

Jonathan Greig writes via The Record: Genetic testing giant 23andMe confirmed that a data scraping incident resulted in hackers gaining access to sensitive user information and selling it on the dark web. The information of nearly 7 million 23andMe users was offered for sale on a cybercriminal forum this week. The information included origin estimation, phenotype, health information, photos, identification data and more. 23andMe processes saliva samples submitted by customers to determine their ancestry.

When asked about the post, the company initially denied that the information was legitimate, calling it a "misleading claim" in a statement to Recorded Future News. The company later said it was aware that certain 23andMe customer profile information was compiled through unauthorized access to individual accounts that were signed up for the DNA Relative feature -- which allows users to opt in for the company to show them potential matches for relatives. [...] When pressed on how compromising a handful of user accounts would give someone access to millions of users, the spokesperson said the company does not believe the threat actor had access to all of the accounts but rather gained unauthorized entry to a much smaller number of 23andMe accounts and scraped data from their DNA Relative matches.

A researcher approached Recorded Future News after examining the leaked database and found that much of it looked real. [...] The researcher downloaded two files from the BreachForums post and found that one had information on 1 million 23andMe users of Ashkenazi heritage. The other file included data on more than 300,000 users of Chinese heritage. The data included profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23andme's health data. The researcher added that he discovered another issue where someone could enter a 23andme profile ID, like the ones included in the leaked data set, into their URL and see someone's profile. The data available through this only includes profile photos, names, birth years and location but does not include test results.

An anonymous reader quotes a report from Motherboard: A man who admitted attempting to assassinate Queen Elizabeth II with a crossbow after discussing his plan with an AI-powered chatbot has been sentenced to 9 years in prison for treason. It's the UK's first treason conviction in more than 40 years. Jaswant Singh Chail, who was 19 at the time of his arrest on Christmas Day, 2021, scaled the walls of Windsor Castle's grounds with a mask and a loaded high-power crossbow. He said his intent was, as a British Sikh, to assassinate the Queen in a Star Wars-inspired plan to avenge the 1919 Jallianwalla Bagh massacre, a colonial-era atrocity during British rule in India. Prosecutors said that Chail was encouraged to undertake this plot after discussing it at length with an AI-powered chatbot that egged him on and bolstered his resolve. [...] Chail is currently being held at Broadmoor high-security hospital and will remain there until he is psychologically well enough to serve his sentence.

Slash_Account_Dot shares a report from 404 Media, written by Joseph Cox: In a bombshell report, an oversight body for the Department of Homeland Security (DHS) found that Immigration and Customs Enforcement (ICE), Customs and Border Enforcement (CBP), and the Secret Service all broke the law while using location data harvested from ordinary apps installed on smartphones. In one instance, a CBP official also inappropriately used the technology to track the location of coworkers with no investigative purpose. For years U.S. government agencies have been buying access to location data through commercial vendors, a practice which critics say skirts the Fourth Amendment requirement of a warrant. During that time, the agencies have typically refused to publicly explain the legal basis on which they based their purchase and use of the data. Now, the report shows that three of the main customers of commercial location data broke the law while doing so, and didn't have any supervisory review to ensure proper use of the technology. The report also recommends that ICE stop all use of such data until it obtains the necessary approvals, a request that ICE has refused.

The report, titled "CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data," is dated September 28, 2023, and comes from Joseph V. Cuffari, the Inspector General for DHS. The report was originally marked as "law enforcement sensitive," but the Inspector General has now released it publicly.

James Hunt reports via The Block: A group of FTX U.S.-based employees stumbled across a backdoor for its affiliated trading firm Alameda Research months before the crypto exchange collapsed in Nov. 2022, the Wall Street Journal reported, citing people familiar with the matter. The backdoor allowed Alameda to have a negative balance of up to $65 billion using customer funds, according to previous court filings revealing code buried in FTX's systems. Negative balances were not possible for other FTX users, who would be automatically liquidated if they fell into the red.

The employees reportedly alerted their division boss to the discovery, who discussed it with former FTX CEO Sam Bankman Fried's lieutenant Nishad Singh, but the issue was never resolved. Instead, the leader of the team who raised the concern was sacked, the WSJ said. [...] The backdoor forms a key part of the prosecution's case in Bankman-Fried's trial. Bankman-Fried faces multiple fraud charges and could serve decades in prison. He pleaded not guilty to all charges.

An anonymous reader quotes a report from TechCrunch: Following preliminary objections over Google's data terms, set out back in January by Germany's antitrust watchdog, the tech giant has agreed to make changes that will give users a better choice over its use of their information, the country's Federal Cartel Office (FCO) said today. The commitments cover situations where Google would like to combine personal data from one Google service with personal data from other Google or non-Google sources or cross-use these data in Google services that are provided separately, per the authority.

Per the FCO decision document (PDF): "The Commitments cover in principle all services operated by Google and directed to end users in Germany with more than one million monthly active users (MAU) in Germany [and Android Automotive whether it meets that threshold or not]." But, as we report below, Google's core platform services designated under the EU's DMA are not covered -- nor is Fitbit, which the document notes is already subject to "far-reaching obligations regarding the cross-service processing of health and wellness data" as a result of EU merger control. [...]

Per the FCO decision document, the implementation date (in principle) for Google's commitments is September 30, 2024 — with an earlier date of March 6, 2024 for commitments covering Google Assistant and Contacts. But the FCO notes that it may provide Google with an extension upon "substantiated request". Once implemented, the commitments will have a five year duration from their start date. The document also notes that if, in the future, a Google service falls out of the DMA designation as a core platform service and meets the FCO usage threshold then these local commitments will be applied to it. The converse will also apply; meaning if the European Commission designates one of the Google services covered by this commitments to the DMA list of core platform services it would no longer fall under this arrangement. Gmail is an interesting example here as the EU recently accepted Google's arguments to exclude the web mail service from the DMA list of core platform services -- but the tech giant is facing future restrictions on how it can use Gmail users' data under the FCO commitments (even if these will only apply in Germany). Commenting in a statement, Andreas Mundt, president of the Bundeskartellamt, said: "Data are key for many business models used by large digital companies. The market power of large digital companies is based on the collection, processing and combination of data. Google's competitors do not have these data and are thus faced with serious competitive disadvantages. In the future users of Google services will have a much better choice as to what happens to their data, how Google can use them and whether their data may be used across services. This not only protects the users' right to determine the use of their data but also curbs Google's data-driven market power. Large digital companies offer a wide range of different digital services. Without the users' free and informed consent the data from Google's services and third-party services can no longer be cross-used in separate services offered by Google or even be combined. We have made sure that Google will provide a separate choice option in the future."

An anonymous reader quotes a report from Ars Technica: Within the past year, there have been approximately five times more school shooting hoaxes called in to police than actual school shootings reported in 2023. Where data from Everytown showed "at least 103 incidents of gunfire on school grounds" in 2023, The Washington Post recently uncovered what seems to be a coordinated campaign of active shooter hoaxes causing "swattings" -- where police respond with extreme force to fake crimes -- at more than 500 schools nationwide over the past year. In just one day in February, "more than 30 schools were targeted," The Post reported.

The Post "examined police reports, emergency call recordings, body-camera footage, or call logs in connection with incidents in 24 states," which seemed to reveal a "distinct pattern" potentially linking swatting hoaxes nationwide. A man who "speaks with a heavy accent" -- and possibly uses a device or app to alter his voice in real time -- relies on a virtual private network (VPN) to mask his IP address, then places the hoax calls on non-emergency lines using free Internet-calling services. He frequently pretends to be a teacher hiding from the fake shooter on campus and sometimes falsely reports student shootings. To some law enforcement officials, the voice sounds too similar from call to call to be chalked up to coincidence. The Post stitched together audio that shows why many authorities believe these hoax calls might be coming from the same caller, whose motivations are currently unknown. It's possible the hoax calls are being orchestrated by one person with a hostile compulsion or by one or several perpetrators advertising swatting services available for hire online. [...]

According to The Post, the FBI has been investigating this string of school shooting hoaxes, but it's unclear how far that investigation has gotten -- mostly because tracing the hoax calls has perplexed many law enforcement agencies nationwide. Tracing calls is difficult partly because many VPN providers outside the US don't always cooperate with law enforcement, and some of the most popular free Internet-calling services only require an email address to sign up. However, The Post reported that it has increasingly become clear to law enforcement that one particular Internet-calling service appears to be the most popular choice for hoax callers reporting school shootings: TextNow. One police captain in Lousiana, Shannon Mack -- who is described as specializing in "cases involving Internet-based phone services -- told The Post that "nine times out of 10," hoax calls she has investigated have come from a TextNow number.

An anonymous reader quotes a report from Wired: Crime predictions generated for the police department in Plainfield, New Jersey, rarely lined up with reported crimes, an analysis by The Markup has found, adding new context to the debate over the efficacy of crime prediction software. Geolitica, known as PredPol until a 2021 rebrand, produces software that ingests data from crime incident reports and produces daily predictions on where and when crimes are most likely to occur. We examined 23,631 predictions generated by Geolitica between February 25 and December 18, 2018, for the Plainfield Police Department (PD). Each prediction we analyzed from the company's algorithm indicated that one type of crime was likely to occur in a location not patrolled by Plainfield PD. In the end, the success rate was less than half a percent. Fewer than 100 of the predictions lined up with a crime in the predicted category, that was also later reported to police. Diving deeper, we looked at predictions specifically for robberies or aggravated assaults that were likely to occur in Plainfield and found a similarly low success rate: 0.6 percent. The pattern was even worse when we looked at burglary predictions, which had a success rate of 0.1 percent.

Long-time Slashdot reader schwit1 shares a report from The Intercept: The Heat Initiative, a nonprofit child safety advocacy group, was formed earlier this year to campaign against some of the strong privacy protections Apple provides customers. The group says these protections help enable child exploitation, objecting to the fact that pedophiles can encrypt their personal data just like everyone else. When Apple launched its new iPhone this September, the Heat Initiative seized on the occasion, taking out a full-page New York Times ad, using digital billboard trucks, and even hiring a plane to fly over Apple headquarters with a banner message. The message on the banner appeared simple: 'Dear Apple, Detect Child Sexual Abuse in iCloud' -- Apple's cloud storage system, which today employs a range of powerful encryption technologies aimed at preventing hackers, spies, and Tim Cook from knowing anything about your private files.

Something the Heat Initiative has not placed on giant airborne banners is who's behind it: a controversial billionaire philanthropy network whose influence and tactics have drawn unfavorable comparisons to the right-wing Koch network. Though it does not publicize this fact, the Heat Initiative is a project of the Hopewell Fund, an organization that helps privately and often secretly direct the largesse -- and political will -- of billionaires. Hopewell is part of a giant, tightly connected web of largely anonymous, Democratic Party-aligned dark-money groups, in an ironic turn, campaigning to undermine the privacy of ordinary people.

For an organization demanding that Apple scour the private information of its customers, the Heat Initiative discloses extremely little about itself. According to a report in the New York Times, the Heat Initiative is armed with $2 million from donors including the Children's Investment Fund Foundation, an organization founded by British billionaire hedge fund manager and Google activist investor Chris Cohn, and the Oak Foundation, also founded by a British billionaire. The Oak Foundation previously provided $250,000 to a group attempting to weaken end-to-end encryption protections in EU legislation, according to a 2020 annual report. The Heat Initiative is helmed by Sarah Gardner, who joined from Thorn, an anti-child trafficking organization founded by actor Ashton Kutcher. [...] Critics say these technologies aren't just uncovering trafficked children, but ensnaring adults engaging in consensual sex work. "My goal is for child sexual abuse images to not be freely shared on the internet, and I'm here to advocate for the children who cannot make the case for themselves," Gardner said, declining to name the Heat Initiative's funders. "I think data privacy is vital. I think there's a conflation between user privacy and known illegal content."

Todd Shields and Loren Grush reporting via Bloomberg: Dish Network Corp. was fined $150,000 by US regulators for leaving a retired satellite parked in the wrong place in space, reflecting official concern over the growing amount of debris orbiting Earth and the potential for mishaps. The Federal Communications Commission called the action its first to enforce safeguards against orbital debris. "This is a breakthrough settlement, making very clear the FCC has strong enforcement authority and capability to enforce its vitally important space debris rules," Loyaan A. Egal, the agency's enforcement bureau chief, said in a statement.

Dish's EchoStar-7 satellite, which relayed pay-TV signals, ran short of fuel, and the company retired it at an altitude roughly 76 miles (122 kilometers) above its operational orbit. It was supposed to have been parked 186 miles above its operational orbit, the FCC said in an order (PDF). The company admitted it failed to park EchoStar-7 as authorized. It agreed to implement a compliance plan and pay a $150,000 civil penalty, the FCC said.

Ian Freeman, a New Hampshire man in his 40s, has been sentenced to eight years in prison for running an unlicensed bitcoin exchange business. He will also be fined at least $40,000, although the exact amount still has to be determined in a hearing. The Associated Press reports: Ian Freeman was taken away in handcuffs following his sentencing in U.S. District Court in Concord. Prosecutors said Freeman, a libertarian activist and radio show host, created a business that catered to fraudsters who targeted elderly women with romance scams, serving as "the final step in permanently separating the victims from their money." Freeman, who is in his 40s, said in court he did not believe he broke the law. He said he was trying to get people to adopt bitcoin. He said there were times he detected fraud and protected many potential scam victims. He apologized for not being able to help them all. "I don't want people to be taken advantage of," said Freeman, who said he cooperated with law enforcement to help some people get their money back.

Freeman said he devised a series of questions for customers, including whether a third party was putting them up to their transactions or if they were under duress. Some victims lied about their circumstances, he said. Freeman also said he didn't learn about scam victims until he saw their stories in the news. "It didn't matter how strict I was or how many questions I asked," he said. After a two-week trial, he was convicted of eight charges in December, although his conviction on a money laundering charge was later overturned by the judge. The prosecution is appealing it to the 1st Circuit Court of Appeals.

Freeman was sentenced on the remaining charges, which include operating an unlicensed money transmitting business and conspiracy to commit money laundering and wire fraud. Freeman's lawyers said they planned to appeal and asked that he remain free on bail for now, but U.S. District Court Judge Joseph LaPlante didn't allow it. The sentencing guidelines called for much longer term, ranging from about 17 years to nearly 22 years in prison.

dcblogs writes: The U.S. Supreme Court declined to hear a challenge against the Optional Practical Training (OPT) program, which allows STEM graduates to work in the U.S. for up to three years on a student F-1 visa. John Miano, the attorney representing WashTech, the labor group that brought the appeal, called the decision "staggering." He said it "strips Congress of the ability to control nonimmigrant programs," such as OPT, the H-1B program, and other programs designed to provide temporary guest workers. In the most extreme example of what the decision may allow, Miano said it theoretically enables the White House to let people on tourist visas work. The decision "gives more authority to the federal government to do what it wants," he said.

The OPT program permits STEM (Science, Technology, Engineering, and Math) graduates to work for up to three years under a student F-1 visa. Critics of the program said it brought unfair competition to the U.S. labor market. Ron Hira, an associate professor of Public Policy at Howard University, said the U.S. administration of the OPT program is so poor that "the program has effectively no controls, accountability, or worker protections."

A group of Senate Republicans, including U.S. Sen. Ted Cruz, argued in briefs filed with the court that the federal government was using the OPT program to sidestep the annual H-1B visa cap. More than 30 Republican House members also filed a brief in support.

An anonymous reader quotes a report from The Guardian: Britain's passport database could be used to catch shoplifters, burglars and other criminals under urgent plans to curb crime, the policing minister has said. Chris Philp said he planned to integrate data from the police national database (PND), the Passport Office and other national databases to help police find a match with the "click of one button." But civil liberty campaigners have warned the plans would be an "Orwellian nightmare" that amount to a "gross violation of British privacy principles".

Foreign nationals who are not on the passport database could also be found via the immigration and asylum biometrics system, which will be part of an amalgamated system to help catch thieves. The measures have been deemed controversial by campaigners as the technology could get a match even if images are blurred or partially obscured. Speaking at a fringe event of the Conservative party conference hosted by the Policy Exchange thinktank, Philp said: "I'm going to be asking police forces to search all of those databases -- the police national database, which has custody images, but also other databases like the passport database -- not just for shoplifting but for crime generally to get those matches, because the technology is now so good that you can get a blurred image and get a match for it.

"Operationally, I'm asking them to do it now. In the medium term, by which I mean the next two years, we're going to try and create a new data platform so you can press one button [and it] lets you search it all in one go. Until the new platform is created, he said police forces should search each database separately. [...] Philp said he has already ordered police forces that have access to the passport database to start searching it alongside the police national database, which stores custody images. Officers will be able to compare those facial images against CCTV, dashcam and doorbell technology to help find a match for criminals as prosecution rates are at record lows. He later added: "I would also just remind everyone that the wider public, including shop staff and security guards, do have the power of citizen's arrest and where it's safe to do so I would encourage that to be used. Because if you do just let people walk in and take stuff and walk out without proper challenge, including potentially a physical challenge, then it will just escalate."

Bill Omar Carrasquillo, better known by his YouTube name Omi In a Hellcat, has been arrested after the feds found Carrasquillo had amassed a $30 million fortune with a large-scale piracy scheme in which he was buying and reselling copyrighted material from cable TV. Jalopnik reports: He was sentenced to five years in prison for "piracy of cable TV, access device fraud, wire fraud, money laundering, and hundreds of thousands of dollars of copyright infringement," along with having to forfeit his millions and pay $15 million in restitution. Those millions helped pay for the car collection now going up for auction.

[Road & Track reports Omi In A Hellcat's entire 57 vehicle collection is up for auction.] As of this writing, the auction features 32 cars and 25 bikes and off road vehicles. Despite his crimes, the man had decent taste in cars. There's good stuff to be had like.

This week America's Department of Energy announced $264 million for 29 projects as part of its Energy Earthshots Initiative "to advance clean energy technologies within the decade."

The funding will support 11 new research centers — along with 18 university research teams — studying things like industrial decarbonization, carbon storage, and offshore wind energy. The ultimate goal is a clean-energy revolution that will "accelerate innovations toward more abundant, affordable, and reliable clean energy solutions."

One ambitious example: The Department of Energy's Oak Ridge National Laboratory has been selected to lead an Energy Earthshot Research Center focused on developing chemical processes that use sustainable methods instead of burning fossil fuels to radically reduce industrial greenhouse gas emissions to stem climate change and limit the crisis of a rapidly warming planet... The ORNL-led Non-Equilibrium Energy Transfer for Efficient Reactions center, or NEETER, will coordinate a research team from across the nation focused on replacing bulk heating for chemical processes with electrified means, providing a new way to do chemistry, and decarbonizing large-scale processes in the chemical industry. DOE has committed $19 million over four years for the center...

The scientists, in addition to using their own laboratories, will use Department of Energy Office of Science user facilities, including ORNL's Oak Ridge Leadership Computing Facility, Spallation Neutron Source, High Flux Isotope Reactor, and Center for Nanophase Materials Sciences. They will also include the beam line at Stanford's SLAC National Accelerator Laboratory. NEETER's proposed research is a radical departure from traditional chemistry and holds promise for transformational breakthroughs in energy-related chemical reactions. The NEETER EERC addresses the Department of Energy's Industrial Heat Shot announced in 2022, which aims to develop cost-competitive industrial heat decarbonization technologies with at least 85% lower greenhouse gas emissions by 2035. This EERC will employ new kinds of chemical catalysis as one pathway toward electrifying the delivery of process heat.
The projects include:

• Investigating hydrogen arc plasmas for carbon-free steelmaking

• Using exascale computer simulations and observations to produce more resilient clean energy systems.

• The University of Florida has reportedly teamed with Switzerland-based Synhelion to "research the production of green hydrogen, aiming for a lower cost to produce."

• The Center for Understanding Subsurface Signals and Permeability will attempt research to "advance enhanced geothermal systems with the goal of making them a widely accessible and reliable source of renewable energy"

• Another research center (also lead by the Pacific Northwest National Laboratory) will research effort to "make floating offshore wind a long-term viable energy source."

"Our Energy Earthshots are game-changing endeavors to unleash the technologies of the clean energy transition and make them accessible, affordable, and abundant," said U.S. Secretary of Energy Jennifer M. Granholm. "The Energy Earthshot Research Centers and the related work happening on college campuses around the country will be instrumental in developing the clean energy and decarbonization solutions we need to establish a 100% clean grid and beat climate change."

America's Department of Justice "has finally posted what judge Amit Mehta described at the Google search antitrust trial as an 'embarrassing' exhibit that Google tried to hide from the public," reports Ars Technica: The document in question contains meeting notes that Google's vice president for finance, Michael Roszak, "created for a course on communications," Bloomberg reported. In his notes, Roszak wrote that Google's search advertising "is one of the world's greatest business models ever created" with economics that only certain "illicit businesses" selling "cigarettes or drugs" "could rival."

At trial, Roszak told the court that he didn't recall if he ever gave the presentation. He said that the course required that he tell students "things I don't believe as part of the presentation." He also claimed that the notes were "full of hyperbole and exaggeration" and did not reflect his true beliefs, "because there was no business purpose associated with it." According to Bloomberg, Google repeatedly objected to the document being shared in court, claiming it was irrelevant to the DOJ's case. Then, after Mehta allowed the DOJ to present the document as evidence, Google tried to seal off Roszak's testimony on the document...

Beyond likening Google's search advertising business to illicit drug markets, Roszak's notes also said that because users got hooked on Google's search engine, Google was able to "mostly ignore the demand side" of "fundamental laws of economics" and "only focus on the supply side of advertisers, ad formats, and sales." This was likely the bit that actually interested the DOJ. "We could essentially tear the economics textbook in half," Roszak's notes said. Part of the DOJ's case argues that because Google has a monopoly over search, it's less incentivized to innovate products that protect consumers from harm like invasive data collection.

A Google spokesman told Bloomberg that Roszak's statements "don't reflect the company's opinion" and "were drafted for a public speaking class in which the instructions were to say something hyperbolic and attention-grabbing." The spokesman also noted that Roszak "testified he didn't believe the statements to be true."

"San Francisco's downtown has lost roughly 150,000 daily workers since the pandemic," reports the San Francisco Chronicle.

But on the bright side, "Some of San Francisco's empty office buildings are one step closer to being converted into residential units," reports SFGate: The owners of eight San Francisco office buildings responded to a request from the city for landlords interested in converting their properties into condos or apartments, the San Francisco Chronicle reported... The properties would yield about 1,100 units if they were to all be converted, according to the Chronicle. All of the buildings are located in neighborhoods downtown, including the Civic Center area and the Financial District...

Converting offices to housing is a notably difficult process, especially in San Francisco, where the city's tedious permitting and approvals process has deterred many landlords from pursuing the process entirely. However, that could soon change: The request for interest put forth by the city was part of an initiative intended to jump-start office-to-housing conversions that was announced in June. In March, Mayor London Breed and the Board of Supervisors introduced legislation that would facilitate these conversions by exempting certain downtown buildings from housing requirements that are more difficult to apply to former offices, like rear yard space and a variety of unit types.
Or, as the Chronicle puts it, "The much-discussed push to revive downtown San Francisco by converting empty office buildings to housing is starting to gather real-world momentum, with property owners looking to take advantage of a political climate in which the mayor and Board of Supervisors are desperate to activate the city's struggling central neighborhoods." While converting eight commercial buildings totaling less than 1 million square feet would not put much of a dent in the historic 33.9% office vacancy — more than 30 million square feet of space — the interest is indicative that an increasing number of landlords are accepting the reality that the pandemic and remote work has rendered some buildings obsolete. "We were pleased with the responses — it was more than we had expected, and there was a good variety of buildings," said Anne Taupier, director of development for the city's Office of Economic and Workforce Development. "We think there is a chance to see some game-changing activation...."

Taupier said that all of the property owners said that recent legislation streamlining and lowering affordable housing requirements would be key to making conversions possible. Most of them would be candidates for Mills Act tax credits, which allow cities to reduce taxes for 10 years or more to owners of historic properties.
One of the biggest applications came from Mark Shkolnikov's Group I. "The support from the city has just been remarkable," Shkolnikov said. "They have been frequently checking in to see what they can do to help move this along.

Anyone who has used H&R Block's tax return preparation services since 2015 "may have unintentionally helped line Meta and Google's pocket," reports Gizmodo: That's according to a new class action lawsuit which alleges the three companies "jointly schemed" to install trackers on the H&R Block site to scan and transmit tax data back to the tech companies which then used elements of the data to engage in targeted advertising.

Attorneys bringing the case forward claim the three companies' conduct amounts to a "pattern of racketeering activity" covered under the Racketeer Influenced and Corrupt Organizations Act (RICO), a tool typically reserved for organized crime. "H&R Block, Google, and Meta ignored data privacy laws, and passed information about people's financial lives around like candy," Brent Wisner, one of the attorneys bringing forward the complaint said.

The lawsuit, filed in the Northern District of California this week, stems from a bombshell Congressional report released earlier this year detailing the way multiple tax preparation firms, including H&R Block, "recklessly" shared the sensitive tax data of tens of millions of Americans without proper safeguards. At issue are the tax preparation firms' use of tracking "pixels" placed on their websites. These trackers, which the lawsuit refers to as "spy cams" would allegedly scan tax documents and reveal a variety of personal tax information, including a filer's name, filing status, federal taxes owed, address, and number of dependents. That data was then anonymized and used for targeted advertising and to train Meta's AI algorithms, the congressional report notes.
The attorneys argue that H&R Block, Meta, and Google "explicitly and intentionally" entered into an agreement to violate taxpayers' privacy rights for financial gain, according to the article. The suit seeks refunds and punitive damages.

Kotaku reports: A newly unsealed FBI indictment accuses a former analyst at Goldman Sachs of insider trading, including allegedly using an Xbox to pass tips onto his close friends. The friend group earned over $400,000 in ill-gotten gains as a result, federal prosecutors claim. "There's no tracing [Xbox 360 chat]," the analyst allegedly told his friend who was worried they might be discovered.

He appears to have made a grave miscalculation.

The FBI arrested Anthony Viggiano and alleged co-conspirator Christopher Salamone, charging them with securities fraud on September 28. Viggiano is accused of using his previous position at Goldman Sachs to share trading tips with Salamone and others. Salamone has already pleaded guilty. Bloomberg reports that this is the fifth incident in recent years of a person associated with the investment bank allegedly using their position to do crimes...

Probably best to keep the crime talk on Xbox to a minimum either way, especially now that Microsoft is using AI to monitor communications for illicit and toxic activities.
In a statement an FBI official said "This indictment is yet another example of individuals believing they can get away with benefiting from trading on material non-public information.

The Associated Press reports: The National Security Agency is starting an artificial intelligence security center -- a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems, the agency's outgoing director announced Thursday. Army Gen. Paul Nakasone said the center would be incorporated into the NSA's Cybersecurity Collaboration Center, where it works with private industry and international partners to harden the U.S. defense-industrial base against threats from adversaries led by China and Russia.

Nakasone was asked about using AI to automate the analysis of threat vectors and red-flag alerts -- and he reminded the audience that U.S. intelligence and defense agencies already use AI. "AI helps us, But our decisions are made by humans. And that's an important distinction," Nakasone said. "We do see assistance from artificial intelligence. But at the end of the day, decisions will be made by humans and humans in the loop."

Nakasone said it would become "NSA's focal point for leveraging foreign intelligence insights, contributing to the development of best practices guidelines, principles, evaluation, methodology and risk frameworks" for both AI security and the goal of promoting the secure development and adoption of AI within "our national security systems and our defense industrial base." He said it would work closely with U.S. industry, national labs, academia and the Department of Defense as well as international partners.

An anonymous reader quotes a report from the BBC: What I felt was fear," says Claudia Duarte Agostinho as she remembers the extreme heatwave and fires that ripped through Portugal in 2017 and killed more than 100 people. "The wildfires made me really anxious about what sort of future I would have." Claudia, 24, her brother Martim, 20, and her sister Mariana, 11, are among six young Portuguese people who have filed a lawsuit against 32 governments, including all EU member states, the UK, Norway, Russia, Switzerland and Turkey. They accuse the countries of insufficient action over climate change and failing to reduce their greenhouse gas emissions enough to hit the Paris Agreement target of limiting global warming to 1.5C. The case is the first of its kind to be filed at the European Court of Human Rights (ECHR) in Strasbourg. If it is successful, it could have legally-binding consequences for the governments involved. The first hearing in the case is being held on Wednesday.

Aged from 11 to 24, the six claimants argue that the forest fires that have occurred in Portugal each year since 2017 are a direct result of global warming. They claim that their fundamental human rights -- including the right to life, privacy, family life and to be free from discrimination -- are being violated due to governments' reluctance to fight climate change. They say they have already been experiencing significant impacts, especially because of extreme temperatures in Portugal forcing them to spend time indoors and restricting their ability to sleep, concentrate or exercise. Some also suffer from eco-anxiety, allergies and respiratory conditions including asthma. None of the young applicants is seeking financial compensation.

Lawyers representing the six young claimants are expected to argue in court that the 32 governments' current policies are putting the world on course for 3C of global warming by the end of the century. [...] In separate and joint responses to the case, the governments argue that the claimants have not sufficiently established that they have suffered as a direct consequence of climate change or the Portuguese wildfires. They claim there is no evidence to show climate change poses an immediate risk to human life or health, and also argue that climate policy is beyond the scope of the European Court of Human Rights jurisdiction. "These six young people from Portugal, who are ordinary individuals concerned about their future, will be facing 32 legal teams, hundreds of lawyers representing governments whose inaction is already harming them," says Gearoid O Cuinn, director of Global Legal Action Network (GLAN).

"So this is a real David vs Goliath case that is seeking a structural change to put us on a much better track in terms of our future."

An anonymous reader quotes a report from the Associated Press: The Supreme Court agreed Friday to decide whether state laws that seek to regulate Facebook, TikTok, X and other social media platforms violate the Constitution. The justices will review laws enacted by Republican-dominated legislatures and signed by Republican governors in Florida and Texas. While the details vary, both laws aim to prevent the social media companies from censoring users based on their viewpoints. The court's announcement, three days before the start of its new term, comes as the justices continue to grapple with how laws written at the dawn of the digital age, or earlier, apply to the online world.

The justices had already agreed to decide whether public officials can block critics from commenting on their social media accounts [...]. Separately, the high court also could consider a lower-court order limiting executive branch officials' communications with social media companies about controversial online posts. The new social media cases follow conflicting rulings by two appeals courts, one of which upheld the Texas law, while the other struck down Florida's statute. By a 5-4 vote, the justices kept the Texas law on hold while litigation over it continues.

Slash_Account_Dot writes: I recently got my hands on an ordinary-looking iPhone-to-HDMI adapter that mimics Apple's branding and, when plugged in, runs a program that implores you to "Scan QR code for use." That QR code takes you to an ad-riddled website that asks you to download an app that asks for your location data, access to your photos and videos, runs a bizarre web browser, installs tracking cookies, takes "sensor data," and uses that data to target you with ads. The adapter's app also kindly informed me that it's sending all of my data to China.

The cord was discovered by friend of 404 Media John Bumstead, an electronics refurbisher and artist who buys devices in bulk from electronics recyclers. Bumstead tweeted about the cord and was kind enough to send me one so I could try it myself. Joseph has written about malicious lightning cables and USB cables made by hackers that can be used for keystroke logging and spying. While those malicious lightning cables are products marketed for spying, the HDMI adapter Bumstead has been found in the wild and is just another crappy knockoff cable sold on Amazon's increasingly difficult to navigate website. This HDMI adapter is designed to look exactly like Apple's same adapter.

Three Arrows Capital co-founder Su Zhu was apprehended in Singapore while trying to leave the country on Friday. From a report: Teneo, which is liquidating the defunct firm's estate, said it received a committal order against Zhu after he failed to comply with an earlier Singapore court order compelling him to cooperate with the liquidation investigation. The order sentenced Zhu to four months in prison, according to a statement by Teneo. Zhu was apprehended at Singapore's Changi Airport on Friday afternoon, Teneo said, adding that the Sept. 25 order also saw Zhu's co-founder Kyle Davies receive the same sentence. Zhu didn't immediately respond to a request for comment.

An anonymous reader quotes a report from the Associated Press: New York state banned the use of facial recognition technology in schools Wednesday, following a report that concluded the risks to student privacy and civil rights outweigh potential security benefits. Education Commissioner Betty Rosa's order leaves decisions on digital fingerprinting and other biometric technology up to local districts. The state has had a moratorium on facial recognition since parents filed a court challenge to its adoption by an upstate district.

[A]n analysis by the Office of Information Technology Services issued last month "acknowledges that the risks of the use of (facial recognition technology) in an educational setting may outweigh the benefits." The report, sought by the Legislature, noted "the potentially higher rate of false positives for people of color, non-binary and transgender people, women, the elderly, and children." It also cited research from the nonprofit Violence Project that found that 70% of school shooters from 1980 to 2019 were current students. The technology, the report said, "may only offer the appearance of safer schools."

Biotechnology would not stop a student from entering a school "unless an administrator or staff member first noticed that the student was in crisis, had made some sort of threat, or indicated in some other way that they could be a threat to school security," the report said. The state report found that the use of digital fingerprinting was less risky and could be beneficial for school lunch payments and accessing electronic tablets and other devices. Schools may use that technology after seeking parental input, Rosa said. "Schools should be safe places to learn and grow, not spaces where they are constantly scanned and monitored, with their most sensitive information at risk," said Stefanie Coyle, deputy director of the NYCLU's Education Policy Center.

An anonymous reader quotes a report from the Japan Times: From Oct. 1, a new tax regulation decades in the making will go into effect -- and hundreds of thousands of workers in Japan are angry. The Qualified Invoicing System, which requires taxable businesses to issue invoices containing tax information for transactions, has generated a full-fledged movement against it. A petition on Change.org to halt the regulation has received nearly 450,000 signatures. The social movement [...] has held regular demonstrations and conferences advocating against the law, alongside significant protest from the world of pop culture: Animators, filmmakers, voice actors, manga artists and V-tubers of all stripes have joined together against it.

While the law is complex, the reason it's hated is not: It's effectively a tax increase. While the system was created to ensure that businesses will properly pay consumption tax, for many freelancers and small businesses the result will amount to a 10% increase in taxes -- a high enough jump to potentially devastate creatives who already make a living by the narrowest of margins. [...] Those who have already registered as taxable businesses or sole proprietors with sales of over 10 million yen are required to register for the system. Small freelancers and tax-exempt businesses, however, will need to consider carefully what to do. "Tax compliance will be the biggest issue for freelancers," [says Fumiko Mizoguchi, indirect tax service country leader at Deloitte]. "If freelancers agree to issue qualified invoices, they should offer the counter-suggestion that their prices will increase 10% as a result."

Meanwhile, the protest movement is steady on the ground in Tokyo. Voiction, which has been meeting with legislators to try to halt the law, plans on continuing to fight through the rest of the year and beyond. [Voice actress Yuhko Kaida] explains that the government could still decide to allow small businesses to not file 2023's consumption tax in March 2024, when taxes are due. "If we have the willpower, we can stop this law," Kaida says. "Then we can reduce the damage to people's lives."

samleecole writes: A food delivery robot company that delivers for Uber Eats in Los Angeles provided video filmed by one of its robots to the Los Angeles Police Department as part of a criminal investigation, 404 Media has learned. The incident highlights the fact that delivery robots that are being deployed to sidewalks all around the country are essentially always filming, and that their footage can and has been used as evidence in criminal trials. Emails obtained by 404 Media also show that the robot food delivery company wanted to work more closely with the LAPD, which jumped at the opportunity.

Apple said it has asked the US Supreme Court to review a judge's ruling from two years ago that could diminish the billions of dollars in revenue its App Store generates by letting app developers direct users to alternative payment methods. From a report: Apple's request to the high court on Thursday is its latest salvo in a drawn-out battle with Epic Games over how the iPhone maker runs its app marketplace. App Store revenue is lucrative for Apple, with developers charged a commission of as much as 30% for sales of digital goods and services -- a fee that the maker of the popular Fortnite game is trying to avoid paying. At the same time, years of complaints from app developers and scrutiny from governments globally have already forced Apple to rewrite some of the rules protecting its dominance in the $160 billion app distribution marketplace.

Apple's request comes a day after Epic petitioned the Supreme Court to review a separate part of the ruling, that App Store policies don't violate federal antitrust laws. Apple's filing couldn't immediately be confirmed in court records. The Supreme Court, per its regular schedule, could decide by the end of the year or early next year whether it will take up either or both of the petitions. In a mixed ruling in September 2021 following a trial, a federal judge in Oakland, California, largely rejected Epic's claims that Apple's online marketplace policies violated federal law by barring third-party app marketplaces on its operating system. But she also found that Apple flouted California state law by blocking developers from letting consumers know about alternative payment methods. The 9th US Circuit Court of Appeals affirmed the trial judge's decision in April.

The U.S. government on Wednesday sued eBay, accusing the online platform of violating the Clean Air Act and other environmental laws by allowing the sale of several harmful products, including devices that defeat automobile pollution controls. From a report: EBay could face billions of dollars in penalties, including up to $5,580 for each Clean Air Act violation, according to the government's complaint filed in the federal court in Brooklyn, New York. The Department of Justice said eBay illegally allowed the sale of at least 343,011 aftermarket "defeat" devices that help vehicles generate more power and get better fuel economy by evading emissions controls.

EBay was also accused of allowing the sale of at least 23,000 unregistered, misbranded or restricted-use pesticides, violating a 2020 "stop sale" order from the U.S. Environmental Protection Agency. The San Jose, California-based company also allegedly distributed 5,614 paint and coating removal products containing methylene chloride, a potentially lethal chemical linked to brain and liver cancer and non-Hodgkin lymphoma. "EBay has the power, the authority, and the resources to stop the sale of these illegal, harmful products on its website," the complaint said. "It has chosen not to; instead, it has chosen to engage in these illegal transactions."

An anonymous reader quotes a report from Ars Technica: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper (PDF) published Tuesday. The cross-origin attack allows a malicious website from one domain -- say, example.com -- to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. [...]

GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must:

1. allow cross-origin iframes to be loaded with cookies
2. allow rendering SVG filters on iframes and
3. delegate rendering tasks to the GPU

For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source. "This is impactful research on how hardware works," a Google representative said in a statement. "Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behavior receive significant mitigation against personalized data being leaked. These protections, along with the difficulty and time required to exploit this behavior, significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers. We are always looking to further improve protections for Chrome users."

An Intel representative, meanwhile, said that the chipmaker has "assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third-party software." A Qualcomm representative said "the issue isn't in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned." Apple, Nvidia, AMD, and ARM didn't comment on the findings.

An informational write-up of the findings can be found here.

New submitter AsylumWraith shares a report: The US government aims to restore sweeping regulations for high-speed internet providers, such as AT&T, Comcast and Verizon, reviving "net neutrality" rules for the broadband industry -- and an ongoing debate about the internet's future. The proposed rules from the Federal Communications Commission will designate internet service -- both the wired kind found in homes and businesses as well as mobile data on cellphones -- as "essential telecommunications" akin to traditional telephone services, according to multiple people familiar with the plan. The rules would ban internet service providers (ISPs) from blocking or slowing down access to websites and online content, the people told CNN.

Agency chairwoman Jessica Rosenworcel plans to unveil the proposal in a speech at the National Press Club on Tuesday, the people added, saying the FCC plans to vote Oct. 19 on whether to advance the draft rules by soliciting public feedback on them -- a step that would precede the creation of any final rules. In addition to the prohibitions on blocking and throttling internet traffic, the draft rules also seek to prevent ISPs from selectively speeding up service to favored websites or to those that agree to pay extra fees, the people added, a move designed to prevent the emergence of "fast lanes" on the web that could give some websites a paid advantage over others.

Slash_Account_Dot writes: A federal counterintelligence agency tracking hackers has bought data harvested from the backbone of the internet by a private company because it was easier and took less time than getting similar data from the NSA, according to internal U.S. government documents. According to the documents, going through an agency like the NSA could take "days," whereas a private contractor could provide the same data instantly. The news is yet another example of a government agency turning to the private sector for novel datasets that the public is likely unaware are being collected and then sold.

An anonymous reader quotes a report from Wired: The U.S. Federal Bureau of Investigation (FBI) has done tens of thousands of face recognition searches using software from outside providers in recent years. Yet only 5 percent of the 200 agents with access to the technology have taken the bureau's three-day training course on how to use it, a report from the Government Accountability Office (GAO) this month reveals. The bureau has no policy for face recognition use in place to protect privacy, civil rights, or civil liberties. Lawmakers and others concerned about face recognition have said that adequate training on the technology and how to interpret its output is needed to reduce improper use or errors, although some experts say training can lull law enforcement and the public into thinking face recognition is low risk.

Since the false arrest of Robert Williams near Detroit in 2020, multiple instances have surfaced in the US of arrests after a face recognition model wrongly identified a person. Alonzo Sawyer, whose ordeal became known this spring, spent nine days in prison for a crime he didn't commit. The lack of face recognition training at the FBI came to light in a GAO report examining the protections in place when federal law enforcement uses the technology. The report was compiled at the request of seven Democratic members of Congress. Report author and GAO Homeland Security and Justice director Gretta Goodwin says, via email, that she found no evidence of false arrests due to use of face recognition by a federal law enforcement agency.

The GAO report focuses on face recognition tools made by commercial and nonprofit entities. That means it does not cover the FBI's in-house face recognition platform, which the GAO previously criticized for poor privacy protections. The US Department of Justice was ordered by the White House last year to develop best practices for using face recognition and report any policy changes that result. The outside face recognition tools used by the FBI and other federal law enforcement covered by the report comes from companies including Clearview AI, which scraped billions of photos of faces from the internet to train its face recognition system, andThorn, a nonprofit that combats sex trafficking by applying face recognition to identify victims and sex traffickers from online commercial sex market imagery.The FBI ranks first among federal law enforcement agencies examined by the GAO for the scale of its use of face recognition. More than 60,000 searches were carried out by seven agencies between October 2019 and March 2022. Over half were made by FBI agents, about 15,000 using Clearview AI and 20,000 using Thorn. "No existing law requires federal law enforcement personnel to take training before using face recognition or to follow particular standards when using face recognition in a criminal investigation," notes Wired.

"The DOJ plans to issue a department-wide civil rights and civil liberties policy for face recognition but has yet to set a date for planned implementation, according to the report. It says that DOJ officials, at one point in 2022, considered updating its policy to allow a face recognition match alone to justify applying for a search warrant."

Emma Roth reporting via The Verge: Facebook can be sued over allegations that its advertising algorithm is discriminatory, a California state court of appeals ruled last week. The decision stems from a class action lawsuit filed against Facebook in 2020, which accused the company of not showing insurance ads to women and older people in violation of civil rights laws. The case centers around Samantha Liapes, a 48-year-old woman who turned to Facebook to find an insurance provider. The lawsuit alleges that Facebook's ad delivery system didn't show Liapes ads for insurance due to her age and gender.

In a September 21st ruling, the appeals court reversed a previous decision that said Section 230 (which protects online platforms from legal liability if users post illegal content) shields Facebook from accountability. The appeals court concluded that the case "adequately" alleges that Facebook "knew insurance advertisers intentionally targeted its ads based on users' age and gender" in violation of the Unruh Civil Rights Act. It also found significant similarities between Facebook's ad platform and Roommates.com, a service that exceeded the protections of Section 230 by including dropdown menus with options that allowed for discrimination. "There is little difference with Facebook's ad tools" and their targeting capabilities, the court concluded. "Facebook does not merely proliferate and disseminate content as a publisher ... it creates, shapes, or develops content" with the tools.

Web3 is Going Great reports: After the Hong Kong-based JPEX exchange limited withdrawals amidst what appeared to be an impending collapse of the platform, things are now looking a lot more like fraud. Police have received more than 2,200 complaints pertaining to the exchange, involving $178 million in possible losses. Eleven people, including various crypto influencers who had promoted the exchange, were taken in for questioning. However, police have said those eleven people were not likely central to the fraud, and that the leaders of the JPEX project are on the run.

"New York City is now turning to robots to help patrol the Times Square subway station," quipped one local newscast.

The non-profit New York City blog Gothamist describes the robot as "almost as tall as the mayor — but at least three-times as wide around the waist," with a maximum speed of 3 miles per hour-- but a 360-degree field of vision, equipped with four cameras to send live video (without audio) to the police. A 420-pound, 5-foot-2-inch robocop with a giant camera for a face will begin patrolling the Times Square subway station overnight, the New York Police Department announced Friday morning. At a press conference held underground in the 42nd Street subway station, New York City Mayor Eric Adams said the city is launching a two-month pilot program to test the Knightscope K5 Autonomous Security Robot. During the press conference, the K5 robot — which is shaped like a small, white rocketship — stood silently along with uniformed officers and city officials in suits. Stripes of glowing blue lights indicated it was "on."

The K5 will act as a crime deterrent and provide real-time information on how to best deploy human officers to a safety incident, the mayor said. It features multiple cameras, a button that can connect the public with a real person, and a speaker for live audio communication... During the pilot program, the K5 will patrol the Times Squares subway station from midnight to 6 a.m. with a human NYPD handler that will help introduce it to the public. After two months, the mayor said the handler will no longer be necessary, and the robot will go on solo patrol...

Knightscope, which manufactures the robot, reports that it has been deployed to 30 clients in 10 states, including at malls and hospitals. The K5 has been in some sticky situations in other cities. One was toppled and slathered in barbecue sauce in San Francisco, while another was beaten by an intoxicated man in Mountain View, California, according to news reports. Another robot fell into a pool of water outside an office building in Washington, D.C.

When asked whether the robot was at risk of vandalism in New York City, the mayor strode over to it and gave it a few firm shoves. "Let's be clear, this is not a pushover. 420 pounds. This is New York tested," he said.
The city is leasing the robot for $9 an hour — And yes, local newscasts couldn't resist calling it a robocop. One shows the mayor announcing "We will continue to stay ahead of those who want to harm everyday New Yorkers."

Though the robot is equipped with facial recognition capability, it will not be activated.

Recent breaches of MGM's casino systems "were probably carried out by teens and young adults who have allied themselves with one of the world's most notorious ransomware gangs," writes the Washington Post's technology reporter.

Their alliance with the "Scattered Spider" group is described as "part of a trend that has alarmed security experts and defenders of corporate computer networks." The group is said to be "very active in the past two years, targeting large companies via stolen employee credentials and tricks such as convincing tech support employees that they have been accidentally locked out of their computers and need a new password." They moved from cryptocurrency thefts to targeting businesses that provide third-party business functions such as help desks and call center staffing, allowing them to infiltrate networks of many customers. And they extorted Western Digital and other technology firms after stealing internal data before heading for the jackpots in Las Vegas. But their willingness to deploy crippling ransomware while demanding money is a major escalation, as is their choice of a business partner: ALPHV, a hacking group whose affiliates include members of the former Russian powerhouses BlackMatter and DarkSide, the groups responsible for the Colonial Pipeline hack that awoke Washington to the national security risk of ransomware. ALPHV provided the BlackCat ransomware that the young hackers installed in the casinos' systems...

[According to new research presented Friday at the LABScon security conference] they came together through crimes enabled by SIM-swapping, which usually involves convincing phone company employees to hand over control of someone else's phone number. Because of poor security controls around those numbers, such gambits have allowed criminals to amass millions of dollars by beating SMS text-based two-factor authentication on cryptocurrency accounts. The extra money has made alliances possible with criminals who have different skills to bring to the table, including some who had hacked police servers and could send emails from purported officers demanding emergency disclosures of information on phone and internet customers. Worse, the researchers said, they have now attracted recruiters for the Russian gangs who want to combine their business savvy with the techniques and local knowledge of the native English speakers.

In 2020 Serbian scientists were gifted China's "Fire-Eye" labs, remembers the Washington Post. The sophisticated portable labs "excelled not only at cracking the genetic code for viruses, but also for humans, with machines that can decipher genetic instructions contained within the cells of every person on Earth, according to its Chinese inventors."

Although some of them were temporary, "scores" of the portable labs "were donated or sold to foreign countries during the pandemic," reports the Washington Post. But it adds that now those same labs "are attracting the attention of Western intelligence agencies amid growing unease about China's intentions." Some analysts perceive China's largesse as part of a global attempt to tap into new sources of highly valuable human DNA data in countries around the world. That collection effort, underway for more than a decade, has included the acquisition of U.S. genetics companies as well as sophisticated hacking operations, U.S. and Western intelligence officials say. But more recently, it received an unexpected boost from the coronavirus pandemic, which created opportunities for Chinese companies and institutes to distribute gene-sequencing machines and build partnerships for genetic research in places where Beijing previously had little or no access, the officials said. Amid the pandemic, Fire-Eye labs would proliferate quickly, spreading to four continents and more than 20 countries, from Canada and Latvia to Saudi Arabia, and from Ethiopia and South Africa to Australia. Several, like the one in Belgrade, now function as permanent genetic-testing centers...

BGI Group, the Shenzhen-based company that makes Fire-Eye labs, said it has no access to genetic information collected by the lab it helped create in Serbia. But U.S. officials note that BGI was picked by Beijing to build and operate the China National GeneBank, a vast and growing government-owned repository that now includes genetic data drawn from millions of people around the world. The Pentagon last year officially listed BGI as one of several "Chinese military companies" operating in the United States, and a 2021 U.S. intelligence assessment linked the company to the Beijing-directed global effort to obtain even more human DNA, including from the United States. The U.S. government also has blacklisted Chinese subsidiaries of BGI for allegedly helping analyze genetic material gathered inside China to assist government crackdowns on the country's ethnic and religious minorities...

Beijing's drive to sweep up DNA from across the planet has occasionally stirred controversy, particularly after a 2021 Reuters series about aspects of the project. Chinese academics and military scientists have also attracted attention by debating the feasibility of creating biological weapons that might someday target populations based on their genes. Genetic-based weapons are regarded by experts as a distant prospect, at best, and some of the discussion appears to have been prompted by official paranoia about whether the United States and other countries are exploring such weapons.

U.S. intelligence officials believe China's global effort is mostly about beating the West economically, not militarily. There is no public evidence that Chinese companies have used foreign DNA for reasons other than scientific research. China has announced plans to become the world's leader in biotechnology by 2035, and it regards genetic information — sometimes called "the new gold" — as a crucial ingredient in a scientific revolution that could produce thousands of new drugs and cures...

U.S. intelligence officials said in interviews that they have limited insight into how BGI handles DNA information acquired overseas, including whether genetic data from the Fire-Eye labs ultimately end up in the computers of China's military or intelligence services... Chinese law makes clear that any information collected using BGI's machines can be accessed by the Chinese government. A national intelligence law enacted in 2017 stipulates that Chinese firms and citizens are legally bound to share proprietary information acquired in foreign countries whenever requested.
Thanks to long-time Slashdot reader schwit1 for sharing the article

The White House is considering requiring cloud computing firms to report some information about their customers to the U.S. government, Semafor reported Friday, citing people familiar with an upcoming executive order on AI. From the report: The provision would direct the Commerce Department to write rules forcing cloud companies like Microsoft, Google, and Amazon to disclose when a customer purchases computing resources beyond a certain threshold. The order hasn't been finalized and specifics of it could still change. Similar "know-your-customer" policies already exist in the banking sector to prevent money laundering and other illegal activities, such as the law mandating firms to report cash transactions exceeding $10,000.

In this case, the rules are intended to create a system that would allow the U.S. government to identify potential AI threats ahead of time, particularly those coming from entities in foreign countries. If a company in the Middle East began building a powerful large language model using Amazon Web Services, for example, the reporting requirement would theoretically give American authorities an early warning about it. The policy proposal represents a potential step toward treating computing power -- or the technical capacity AI systems need to perform tasks -- like a national resource. Mining Bitcoin, developing video games, and running AI models like ChatGPT all require large amounts of compute.

FrankOVD writes: Google is being sued by a widow who says her husband drowned in September 2022 after Google Maps directed him over a collapsed bridge in Hickory, North Carolina. Google failed to correct its map service despite warnings about the broken bridge two years before the accident, according to the lawsuit filed Tuesday by Alicia Paxson in Wake County Superior Court. Philip Paxson "died tragically while driving home from his daughter's ninth birthday party, when he drove off of an unmarked, unbarricaded collapsed bridge in Hickory, North Carolina while following GPS directions," the complaint said.

The Snow Creek Bridge reportedly collapsed in 2013 and wasn't repaired. Barricades were typically in place but "were removed after being vandalized and were missing at the time of Paxson's wreck," according to The Charlotte Observer. The lawsuit has five defendants, including Google and its owner Alphabet. The other defendants are James Tarlton and two local business entities called Tarde, LLC and Hinckley Gauvain, LLC. Tarlton and the two businesses "owned, controlled, and/or were otherwise responsible for the land" containing the bridge, the lawsuit said.

An anonymous reader quotes a report from Computer Weekly: A doctoral thesis by American investigative journalist and post-doctoral researcher Jacob Appelbaum has now revealed unpublished information from the Snowden archive. These revelations go back a decade, but remain of indisputable public interest:

- The NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs) – the main processor in a computer which runs the operating system and applications -- as a successful example of a "SIGINT-enabled" CPU supplier. Cavium, now owned by Marvell, said it does not implement back doors for any government.
- The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: "You talk, we listen." The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.
- Among example targets of its mass surveillance program, PRISM, the NSA listed the Tibetan government in exile.

These revelations have surfaced for the first time thanks to a doctoral thesis authored by Appelbaum towards earning a degree in applied cryptography from the Eindhoven University of Technology in the Netherlands. Communication in a world of pervasive surveillance is a public document and has been downloaded over 18,000 times since March 2022 when it was first published. [...] We asked Jacob Appelbaum, currently a post-doctoral researcher at the Eindhoven University of Technology, why he chose to publish those revelations in a technically written thesis rather than a mass-circulation newspaper. He replied: "As an academic, I see that the details included are in the public interest, and highly relevant for the topic covered in my thesis, as it covers the topic of large-scale adversaries engaging in targeted and mass surveillance." According to The Register, "Marvell (the owner of Cavium since 2018) denies the allegations that it or Cavium placed backdoors in products at the behest of the U.S. government.

Appelbaum's thesis wasn't given much attention until it was mentioned in Electrospaces.net's security blog last week.

An anonymous reader quotes a report from Ars Technica: A suspicious phone company is on the verge of having all its calls blocked by US-based telcos after being accused of ignoring orders to investigate and block robocalls. One Owl Telecom is a US-based gateway provider that routes phone calls from outside the U.S. to consumer phone companies such as Verizon. "Robocalls on One Owl's network apparently bombarded consumers without their consent with prerecorded messages about fictitious orders," the Federal Communications Commission said yesterday.

On August 1, the FCC sent One Owl a Notification of Suspected Illegal Robocall Traffic (PDF) ordering it to investigate robocall traffic identified by USTelecom's Industry Traceback Group, block all of the identified traffic within 14 days, and "continue to block the identified gateway traffic as well as substantially similar traffic on an ongoing basis." One Owl apparently hasn't taken any of the required steps, the FCC said yesterday. "One Owl never responded, and the [FCC Enforcement] Bureau is not aware of any measures One Owl has taken to comply with the Notice," an FCC order said.

Blocking robocall traffic from companies like One Owl is a bit like playing whack-a-mole. The FCC said it previously took enforcement actions "against two other entities to whom One Owl is closely related: Illum Telecommunication Limited and One Eye LLC. While operating under different corporate names, these entities have shared personnel, IP addresses, customers, and a penchant for disregarding FCC rules." If One Owl doesn't provide an adequate response within 14 days, all phone companies receiving calls from it "will then be required to block and cease accepting all traffic received from One Owl beginning 30 days after release of the Final Determination Order," the FCC said. "One Owl faces a simple choice -- comply or lose access to U.S. communications networks," FCC Enforcement Bureau Chief Loyaan Egal said in a press release.

A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price." From a report: Brad and Dusti Pearce admitted one count of conspiracy to commit wire fraud and each face a maximum penalty of 20 years in prison. After agreeing to a plea deal, the Pearces must also forfeit at least $4 million as well as gold, silver, collectible coins, cryptocurrency, and a vehicle, and "make full restitution to their victims," the US Department of Justice said. The pair from Tuttle, Oklahoma -- a city better known for its cattle ranchers and alfafa hay than pirated software -- were alleged to have sold pirated Avaya business telephone system software licenses.

The licenses were then used to unlock features of the popular telephone system, which is used by thousands of companies around the globe. Dusti Pearce was said by prosecutors to have looked after the accounting side of the business, although only the wire fraud charge remains under the plea deal. Brad Pearce had previously worked as a customer service employee at Avaya, and was said to have used his admin privileges to "generate tens of thousands of ADI software license keys" that he sold to his main customer, Jason Hines, as well as "other customers, who in turn sold them to resellers and end users around the globe," said the DoJ.

A trade group for U.S. authors has sued OpenAI in Manhattan federal court on behalf of prominent writers including John Grisham, Jonathan Franzen, George Saunders, Jodi Picault and "Game of Thrones" novelist George R.R. Martin, accusing the company of unlawfully training its popular artificial-intelligence based chatbot ChatGPT on their work. From a report: The proposed class-action lawsuit filed late on Tuesday by the Authors Guild joins several others from writers, source-code owners and visual artists against generative AI providers. In addition to Microsoft-backed OpenAI, similar lawsuits are pending against Meta Platforms and Stability AI over the data used to train their AI systems. Other authors involved in the latest lawsuit include "The Lincoln Lawyer" writer Michael Connelly and lawyer-novelists David Baldacci and Scott Turow.

An anonymous reader quotes a report from the Associated Press: The International Criminal Court said Tuesday that it detected "anomalous activity affecting its information systems" last week and took urgent measures to respond. It didn't elaborate on what it called a "cybersecurity incident." Court spokesman Fadi El Abdallah said in a written statement that extra "response and security measures are now ongoing" with the assistance of authorities in the Netherlands, where the court is based. "Looking forward, the Court will be building on existing work presently underway to strengthen its cyber security framework, including accelerating its use of cloud technology," his statement added. The court declined to go into any more detail about the incident, but said that as it "continues to analyze and mitigate the impact of this incident, priority is also being given to ensuring that the core work of the Court continues."

Bankrupt crypto exchange FTX is looking to claw back luxury property and "millions of dollars in fraudulently transferred and misappropriated funds" from the parents of Sam Bankman-Fried, the exchange's disgraced ex-CEO and founder. CNBC reports: In a Monday court filing, lawyers representing the bankruptcy estate of the failed exchange alleged that Allan Joseph Bankman and his wife, Barbara Fried, "exploited their access and influence within the FTX enterprise to enrich themselves, directly and indirectly, by millions of dollars." The lawsuit, which was filed in the U.S. Bankruptcy Court for the District of Delaware, goes on to claim that "despite knowing or blatantly ignoring that the FTX Group was insolvent or on the brink of insolvency," Bankman and Fried discussed with their son the transfer of a $10 million cash gift and a $16.4 million luxury property in The Bahamas.

The suit alleges that as early as 2019, Sam's father also directly participated in efforts to cover up a whistleblower complaint which threatened to "expose the FTX Group as a house of cards." The filing also details emails written by Bankman in which he complained to the FTX US Head of Administration that his annual salary was $200,000, when he was "supposed to be getting $1M/yr." That grievance was ultimately elevated to his son in an email, according to the lawsuit: "Gee, Sam I don't know what to say here. This is the first [I] have heard of the 200K a year salary! Putting Barbara on this."

The filing characterizes the correspondence as Bankman lobbying his son to "massively increase his own salary." Within two weeks, the suit claims that Bankman-Fried had collectively gifted his parents $10 million in funds coming from Alameda, and within three months, the couple was deeded the $16.4 million property in The Bahamas. According to the partially-redacted filing, Bankman-Fried's parents also "pushed for tens of millions of dollars in political and charitable contributions, including to Stanford University, which were seemingly designed to boost Bankman's and Fried's professional and social status." Fried is also accused of encouraging her son and others within the company to avoid, if not violate, federal campaign finance disclosure rules by "engaging in straw donations or otherwise concealing the FTX Group as the source of the contributions."

An anonymous reader quotes a report from TechCrunch: Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services -- establishing the comms watchdog Ofcom as the main Internet regulator -- has been passed by parliament today, paving the way for Royal Assent and the Online Safety Bill becoming law in the coming days. Speaking during the bill's final stages in the House of Lords, Lord Parkinson of Whitley Bay reiterated that the government's intention for the legislation is "to make the UK the safest place in the world to be online, particularly for children." Following affirmative votes as peers considered some last stage amendments he added that attention now moves "very swiftly to Ofcom who stand ready to implement this -- and do so swiftly."

The legislation empowers Ofcom to levy fines of up to 10% (or up to 18 million pounds whichever is higher) of annual turnover for violations of the regime. The Online Safety (nee Harms) Bill has been years in the making as UK policymakers have grappled with how to response to a range of online safety concerns. In 2019 these efforts manifested as a white paper with a focus on rules for tackling illegal content (such as terrorism and CSAM) but also an ambition to address a broad sweep of online activity that might be considered harmful, such as violent content and the incitement of violence; encouraging suicide; disinformation; cyber bullying; and adult material being accessed by children. The effort then morphed into a bill that was finally published in May 2021. [...]

In a brief statement the UK's new web content sheriff gave no hint of the complex challenges that lie ahead -- merely welcoming the bill's passage through parliament and stating that it stands ready to implement the new rulebook. "Today is a major milestone in the mission to create a safer life online for children and adults in the UK. Everyone at Ofcom feels privileged to be entrusted with this important role, and we're ready to start implementing these new laws," said Dame Melanie Dawes, Ofcom's CEO. "Very soon after the Bill receives Royal Assent, we'll consult on the first set of standards that we'll expect tech firms to meet in tackling illegal online harms, including child sexual exploitation, fraud and terrorism." Beyond specific issues of concern, there is over-arching general worry over the scale of the regulatory burden the legislation will apply to the UK's digital economy -- since the rules apply not only to major social media platforms; scores of far smaller and less well resourced online services must also comply or risk big penalties.

An anonymous reader quotes a report from TechCrunch: Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers "Wazawaka" and "Boriselcin," accusing him of being "a prolific ransomware affiliate" who carried out "significant attacks" against companies and critical infrastructure in the U.S. and elsewhere. The feds also accused him of being a "central figure" in the development and deployment of the notorious ransomware variants like Hive, LockBit, and Babuk. Matveev is such a prominent cybercriminal that the FBI designated him as one of its most wanted hackers. Matveev, who the FBI believes he remains in Russia, is unlikely to face extradition to the United States.

For Matveev, however, life seems to go on so well that he is now taunting the feds by making a T-shirt with his own most wanted poster, and asking his Twitter followers if they want merch. When reached by TechCrunch on X, formerly Twitter, Matveev verified it was really him by showing a picture of his left hand, which has only four fingers, per Matveev's FBI's most wanted page. Matveev also sent a selfie holding a piece of paper with this reporter's name on it.

After he agreed to do an interview, we asked Matveev a dozen questions about his life as a most wanted hacker, but he didn't answer any of them. Instead, he complained that we used the word "hacker." "I don't like this designation -- hacker, we are a separate type of specialist, practical and using our knowledge and resources without water and writing articles," he wrote in an X direct message. "I was interested only in terms of financial motivation, roughly speaking, I was thinking about what to do, sell people or become. it, [sic] let me tell you how I lost my finger?" At that point, Matveev stopped answering messages.

An anonymous reader quotes a report from Reuters: The U.S. Justice Department on Monday objected to removing the public from the court during some discussions of how Google prices online advertising, one of the issues at the heart of the antitrust trial under way in Washington. The government is seeking to show that Alphabet's Google broke antitrust law to maintain its dominance in online search. The search dominance led to fast-increasing advertising revenues that made Google a $1 trillion company. [Throughout the trial, Google's defense is that its high market share reflects the quality of its product rather than any illegal actions to build monopolies in some aspects of its business.]

David Dahlquist, speaking for the government, pointed to a document that was redacted that had a short back and forth about Google's pricing for search advertising. Dahlquist then argued to Judge Amit Mehta, who will decide the case, that information like the tidbit in the document should not be redacted. "This satisfies public interest because it's at the core of the DOJ case against Google," he said. Speaking for Google, John Schmidtlein urged that all discussions of pricing be in a closed session, which means the public and reporters must leave the courtroom. [...]

Case in point was testimony given early Monday by a Verizon executive, Brian Higgins, about the company's decision to always pre-install Google's Chrome browser with Google search on its mobile phones. After about 30 minutes of testimony, Higgins' testimony was closed for the next two hours. It's possible that he was asked about Google's payments to Verizon but the public will never know. Those payments -- which the government said are $10 billion annually to mobile carriers and others -- helped the California-based tech giant win powerful default positions on smartphones and elsewhere.

A federal judge has granted a request to block the California Age-Appropriate Design Code Act (CAADCA), a law that requires special data safeguards for underage users online. The Verge reports: In a ruling (PDF) issued today, Judge Beth Freeman granted a preliminary injunction for tech industry group NetChoice, saying the law likely violates the First Amendment. It's the latest of several state-level internet regulations to be blocked while a lawsuit against them proceeds, including some that are likely bound for the Supreme Court. The CAADCA is meant to expand on existing laws -- like the federal COPPA framework -- that govern how sites can collect data from children. But Judge Freeman objected to several of its provisions, saying they would unlawfully target legal speech. "Although the stated purpose of the Act -- protecting children when they are online -- clearly is important, NetChoice has shown that it is likely to succeed on the merits of its argument that the provisions of the CAADCA intended to achieve that purpose do not pass constitutional muster," wrote Freeman.

Freeman cites arguments made by legal writer Eric Goldman, who argued that the law would force sites to erect barriers for children and adults alike. Among other things, the ruling takes issue with the requirement that sites estimate visitors' ages to detect underage users. The provision is ostensibly meant to cut down on the amount of data collected about young users, but Freeman notes that it could involve invasive technology like face scans or analyzing biometric information -- ironically requiring users to provide more personal information.

The law offers sites an alternative of making data collection for all users follow the standards for minors, but Freeman found that this would also chill legal speech since part of the law's goal is to avoid targeted advertising that would show objectionable content to children. "Data and privacy protections intended to shield children from harmful content, if applied to adults, will also shield adults from that same content," Freeman concluded.