Censorship

Removal of Netflix Film Shows Advancing Power of India's Hindu Right Wing (nytimes.com) 110

An anonymous reader quotes a report from the New York Times: The trailer for "Annapoorani: The Goddess of Food" promised a sunny if melodramatic story of uplift in a south Indian temple town. A priest's daughter enters a cooking tournament, but social obstacles complicate her inevitable rise to the top. Annapoorani's father, a Brahmin sitting at the top of Hindu society's caste ladder, doesn't want her to cook meat, a taboo in their lineage. There is even the hint of a Hindu-Muslim romantic subplot. On Thursday, two weeks after the movie premiered, Netflix abruptly pulled it from its platform. An activist, Ramesh Solanki, a self-described "very proud Hindu Indian nationalist," had filed a police complaint arguing that the film was "intentionally released to hurt Hindu sentiments." He said it mocked Hinduism by "depicting our gods consuming nonvegetarian food."

The production studio quickly responded with an abject letter to a right-wing group linked to the government of Prime Minister Narendra Modi, apologizing for having "hurt the religious sentiments of the Hindus and Brahmins community." The movie was soon removed from Netflix both in India and around the world, demonstrating the newfound power of Hindu nationalists to affect how Indian society is depicted on the screen. Nilesh Krishnaa, the movie's writer and director, tried to anticipate the possibility of offending some of his fellow Indians. Food, Brahminical customs and especially Hindu-Muslim relations are all part of a third rail that has grown more powerfully electrified during Mr. Modi's decade in power. But, Mr. Krishnaa told an Indian newspaper in November, "if there was something disturbing communal harmony in the film, the censor board would not have allowed it."

With "Annapoorani," Netflix appears to have in effect done the censoring itself even when the censor board did not. In other cases, Netflix now seems to be working with the board unofficially, though streaming services in India do not fall under the regulations that govern traditional Indian cinema. For years, Netflix ran unredacted versions of Indian films that had sensitive parts removed for their theatrical releases -- including political messages that contradicted the government's line. Since last year, though, the streaming versions of movies from India match the versions that were censored locally, no matter where in the world they are viewed. [...] Nikhil Pahwa, a co-founder of the Internet Freedom Foundation, thinks the streaming companies are ready to capitulate: "They're unlikely to push back against any kind of bullying or censorship, even though there is no law in India" to force them.

Privacy

Apple Knew AirDrop Users Could Be Identified and Tracked as Early as 2019 (cnn.com) 27

Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy. From a report: The Chinese government's actions targeting a tool that Apple customers around the world use to share photos and documents -- and Apple's apparent inaction to address the flaws -- revive longstanding concerns by US lawmakers and privacy advocates about Apple's relationship with China and about authoritarian regimes' ability to twist US tech products to their own ends.

AirDrop lets Apple users who are near each other share files using a proprietary mix of Bluetooth and other wireless connectivity without having to connect to the internet. The sharing feature has been used by pro-democracy activists in Hong Kong and the Chinese government has cracked down on the feature in response. A Chinese tech firm, Beijing-based Wangshendongjian Technology, was able to compromise AirDrop to identify users on the Beijing subway accused of sharing "inappropriate information," judicial authorities in Beijing said this week. Although Chinese officials portrayed the exploit as an effective law enforcement technique, internet freedom advocates are urging Apple to address the issue quickly and publicly.

Power

White House Unveils $623 Million In Funding To Boost EV Charging Points (theguardian.com) 101

An anonymous reader quotes a report from The Guardian: Joe Biden's administration has unveiled $623 million in funding to boost the number of electric vehicle charging points in the U.S., amid concerns that the transition to zero-carbon transportation isn't keeping pace with goals to tackle the climate crisis. The funding will be distributed in grants for dozens of programs across 22 states, such as EV chargers for apartment blocks in New Jersey, rapid chargers in Oregon and hydrogen fuel chargers for freight trucks in Texas. In all, it's expected the money, drawn from the bipartisan infrastructure law, will add 7,500 chargers to the US total.

There are about 170,000 electric vehicle chargers in the U.S., a huge leap from a network that was barely visible prior to Biden taking office, and the White House has set a goal for 500,000 chargers to help support the shift away from gasoline and diesel cars. "The U.S. is taking the lead globally on electric vehicles," said Ali Zaidi, a climate adviser to Biden who said the US is on a trajectory to "meet and exceed" the administration's charger goal. "We will continue to see this buildout over the coming years and decades until we've achieved a fully net zero transportation sector," he added.

On Thursday, the House approved legislation to undo a Biden administration rule meant to facilitate the proliferation of EV charging stations. "S. J. Res. 38 from Sen. Marco Rubio (R-Fla.), would scrap a Federal Highway Administration waiver from domestic sourcing requirements for EV chargers funded by the 2021 bipartisan infrastructure law. It already passed the Senate 50-48," reports Politico.

"A waiver undercuts domestic investments and risks empowering foreign nations," said Rep. Sam Graves (R-Mo.), chair of the Transportation and Infrastructure Committee, during House debate Thursday. "If the administration is going to continue to push for a massive transition to EVs, it should ensure and comply with Buy America requirements." The White House promised to veto it and said it would backfire, saying it was so poorly worded it would actually result in fewer new American-made charging stations.

The Courts

eBay To Pay $3 Million Penalty For Employees Sending Live Cockroaches, Fetal Pig To Bloggers (cbsnews.com) 43

E-commerce giant eBay agreed to pay a $3 million penalty for the harassment and stalking of a Massachusetts couple by several of its employees. "The couple, Ina and David Steiner, had been subjected to threats and bizarre deliveries, including live spiders, cockroaches, a funeral wreath and a bloody pig mask in August 2019," reports CBS News. From the report: Thursday's fine comes after several eBay employees ran a harassment and intimidation campaign against the Steiners, who publish a news website focusing on players in the e-commerce industry. "eBay engaged in absolutely horrific, criminal conduct. The company's employees and contractors involved in this campaign put the victims through pure hell, in a petrifying campaign aimed at silencing their reporting and protecting the eBay brand," Acting U.S. Attorney Joshua Levy said. "We left no stone unturned in our mission to hold accountable every individual who turned the victims' world upside-down through a never-ending nightmare of menacing and criminal acts."

The Justice Department criminally charged eBay with two counts of stalking through interstate travel, two counts of stalking through electronic communications services, one count of witness tampering and one count of obstruction of justice. The company agreed to pay $3 million as part of a deferred prosecution agreement. Under the agreement, eBay will be required to retain an independent corporate compliance monitor for three years, officials said, to "ensure that eBay's senior leadership sets a tone that makes compliance with the law paramount, implements safeguards to prevent future criminal activity, and makes clear to every eBay employee that the idea of terrorizing innocent people and obstructing investigations will not be tolerated," Levy said.

Former U.S. Attorney Andrew Lelling said the plan to target the Steiners, which he described as a "campaign of terror," was hatched in April 2019 at eBay. Devin Wenig, eBay's CEO at the time, shared a link to a post Ina Steiner had written about his annual pay. The company's chief communications officer, Steve Wymer, responded: "We are going to crush this lady." About a month later, Wenig texted: "Take her down." Prosecutors said Wymer later texted eBay security director Jim Baugh. "I want to see ashes. As long as it takes. Whatever it takes," Wymer wrote. Investigators said Baugh set up a meeting with security staff and dispatched a team to Boston, about 20 miles from where the Steiners live. "Senior executives at eBay were frustrated with the newsletter's tone and content, and with the comments posted beneath the newsletter's articles," the Department of Justice wrote in its Thursday announcement.

Two former eBay security executives were sentenced to prison over the incident.

Google

Google Formally Endorses Right To Repair, Will Lobby To Pass Repair Laws (404media.co) 47

Google formally endorsed the concept of right to repair Thursday and is set to testify in favor of a strong right to repair bill in Oregon later Thursday, a massive step forward for the right to repair movement. 404 Media: "Google believes that users should have more control over repair -- including access to the same documentation, parts and tools that original equipment manufacturer (OEM) repair channels have -- which is often referred to as 'Right to Repair,'" Google's Steven Nickel wrote in a white paper published Thursday.

Crucially, Google specifically says that regulators should ban "parts pairing," which is a tactic used by Apple, John Deere, and other major manufacturers to artificially restrict which repair parts can be used with a given device: "Policies should constrain OEMs from imposing unfair anti-repair practices. For example, parts-pairing, the practice of using software barriers to obstruct consumers and independent repair shops from replacing components, or other restrictive impediments to repair should be discouraged," the white paper says.

Bitcoin

Englishman Who Posed As HyperVerse CEO Says Sorry To Investors Who Lost Millions (theguardian.com) 23

Stephen Harrison, an Englishman living in Thailand who posed as chief executive Steven Reece Lewis for the launch of the HyperVerse crypto scheme, told Guardian Australia that he was paid to play the role of chief executive but denies having "pocketed" any of the money lost. He says he received 180,000 Thai baht (about $7,500) over nine months and a free suit, adding that he was "shocked" to learn the company had presented him as having fake credentials to promote the scheme. From the report: He said he felt sorry for those who had lost money in relation to the scheme -- which he said he had no role in -- an amount Chainalysis estimates at US$1.3 billion in 2022 alone. "I am sorry for these people," he said. "Because they believed some idea with me at the forefront and believed in what I said, and God knows what these people have lost. And I do feel bad about this. "I do feel deeply sorry for these people, I really do. You know, it's horrible for them. I just hope that there is some resolution. I know it's hard to get the money back off these people or whatever, but I just hope there can be some justice served in all of this where they can get to the bottom of this." He said he wanted to make clear he had "certainly not pocketed" any of the money lost by investors.

Harrison, who at the time was a freelance television presenter engaged in unpaid football commentary, said he had been approached and offered the HyperVerse work by a friend of a friend. He said he was new to the industry and had been open to picking up more work and experience as a corporate "presenter." "I was told I was acting out a role to represent the business and many people do this," Harrison said. He said he trusted his agent and accepted that. After reading through the scripts he said he was initially suspicious about the company he was hired to represent because he was unfamiliar with the crypto industry, but said he had been reassured by his agent that the company was legitimate. He said he had also done some of his own online research into the organization and found articles about the Australian blockchain entrepreneur and HyperTech chairman Sam Lee. "I went away and I actually looked at the company because I was concerned that it could be a scam," Harrison said. "So I looked online a bit and everything seemed OK, so I rolled with it."

The HyperVerse crypto scheme was promoted by Lee and his business partner Ryan Xu, both of whom were founders of the collapsed Australian bitcoin company Blockchain Global. "Blockchain Global owes creditors $58 million and its liquidator has referred Xu and Lee to the Australian Securities and Investments Commission for alleged possible breaches of the Corporations Act," reports The Guardian. "ASIC has said it does not intend to take action at this time."


Rodney Burton, known as "Bitcoin Rodney," was arrested and charged in the U.S. on Monday for his alleged role in promoting the HyperVerse crypto scheme. The IRS alleges Burton was "part of a network that made 'fraudulent' presentations claiming high returns for investors based on crypto-mining operations that did not exist," reports The Guardian.

Piracy

Piracy Is Surging Again Because Streaming Execs Ignored The Lessons Of The Past (techdirt.com) 259

Karl Bode, reporting for TechDirt: Back in 2019 we noted how the streaming sector risked driving consumers back to piracy if they didn't heed the lessons of the past. We explored how the rush to raise rates, nickel-and-dime users, implement arbitrary restrictions, and force users toward hunting and pecking their way through a confusing platter of exclusives and availability windows risked driving befuddled users back to piracy. And lo and behold, that's exactly what's happening.

After several decades of kicking and screaming, studio and music execs somewhere around 2010 finally realized they needed to offer users affordable access to easy-to-use online content resources. They finally realized they needed to compete with piracy and focus on consumer satisfaction whether they liked the concept or not. And unsurprisingly, once they learned that lesson piracy began to dramatically decrease. That was until 2021, when piracy rates began to climb slowly upward again in the U.S. and EU. As the Daily Beast notes, users have grown increasingly frustrated at having to hunt and peck through a universe of different, often terrible streaming services just to find a single film or television program.

As every last broadcaster, cable company, broadband provider, and tech company got into streaming they began to lock down "must watch" content behind an ever-shifting number of exclusivity silos, across an ocean of sometimes substandard "me too" services. Initially competition worked, but as the market saturated and the most powerful companies started to silo content, those benefits have been muted. Now users have to hunt and peck between Disney+, Netflix, Starz, Max, Apple+, Acorn, Paramount+, Hulu, Peacock, Amazon Prime, and countless other services in the hopes that a service has the rights to a particular film or program. When you already pay for five different services, you're not keen to sign up to fucking Starz just to watch a single 90s film. And availability is constantly shifting, confusing things further.

China

AirDrop 'Cracked' By Chinese Authorities To Identify Senders (macrumors.com) 25

According to Bloomberg, Apple's AirDrop feature has been cracked by a Chinese state-backed institution to identify senders who share "undesirable content". MacRumors reports: AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.

According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The technique works because a phone number is a low-entropy identifier: the set of valid numbers is small enough to hash exhaustively in advance, so an unsalted hash merely relabels the number rather than hiding it. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. "It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.

It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.
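To make the "rainbow table" mechanism concrete, the following is an added example (not code from Apple, the BMBJ or the researchers cited above). It assumes the hashed identifier is a SHA-256 digest over an E.164-formatted phone number; Apple's exact normalization, hash truncation and transport are not described on this page, so those details, the `+1415555` number block and the target number are constructed for illustration. The example precomputes the table for one 10,000-number block, inverts a captured full hash, shows that even a 2-byte hash prefix narrows the sender to a handful of candidates, and shows that a per-exchange random salt would defeat the precomputed table (at the cost of breaking contact matching, which is why the published fix requires a private set intersection protocol rather than a bare salt).

```python
"""Why an unsalted hash of a phone number is reversible by table lookup (added example)."""
import hashlib
import os
from typing import Dict, List, Optional


def contact_hash(identifier: str) -> bytes:
    # Assumption: SHA-256 over the UTF-8 bytes of an E.164 number.
    # Apple's actual normalization of identifiers is not given in the article.
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def build_table(prefix: str, free_digits: int) -> Dict[bytes, str]:
    # Enumerate every number under `prefix`; here one 4-digit block (10,000 numbers).
    # A whole 10-digit national numbering plan is 10**10 entries: big, but computed once
    # and reused for every captured hash thereafter, which is the rainbow-table trade.
    table: Dict[bytes, str] = {}
    for n in range(10 ** free_digits):
        number = f"{prefix}{n:0{free_digits}d}"
        table[contact_hash(number)] = number
    return table


def recover(observed_hash: bytes, table: Dict[bytes, str]) -> Optional[str]:
    # Full digest captured: a single dictionary lookup yields the sender's number.
    return table.get(observed_hash)


def candidates_for_prefix(hash_prefix: bytes, table: Dict[bytes, str]) -> List[str]:
    # Only a short prefix captured (e.g. what fits in a small wireless advertisement):
    # the lookup returns a small candidate list instead of a unique answer, which can
    # then be narrowed by repeated observations. Truncation barely helps the sender.
    return sorted(number for h, number in table.items() if h.startswith(hash_prefix))


def salted_hash(identifier: str, salt: bytes) -> bytes:
    # Illustrative only: a fresh random salt per exchange makes the precomputed table
    # useless. It is not Apple's design, and on its own it would also stop the
    # receiver from matching the hash against its own contacts.
    return hashlib.sha256(salt + identifier.encode("utf-8")).digest()


TABLE = build_table("+1415555", 4)
TARGET = "+14155550123"  # constructed sample in the reserved 555-01xx range, not a real subscriber

if __name__ == "__main__":
    captured = contact_hash(TARGET)  # what an eavesdropper on the exchange would hold
    print("full hash       ->", recover(captured, TABLE))
    print("2-byte prefix   ->", candidates_for_prefix(captured[:2], TABLE))
    print("salted, same nr ->", recover(salted_hash(TARGET, os.urandom(16)), TABLE))
```

The lesson carries beyond AirDrop: hashing an identifier whose value space an attacker can enumerate (phone numbers, e-mail addresses drawn from known lists, short account IDs) does not anonymize it; only a secret the attacker lacks, or a protocol that never reveals a deterministic function of the identifier, does.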

Bitcoin

SEC Claims Account Was 'Compromised' After Announcing False Bitcoin ETF Approval (cnbc.com) 48

With the approval of new rule change applications, the SEC is now allowing bitcoin ETFs to be traded in the United States.

UPDATE: The SEC said that the announcement about bitcoin ETFs on social media was incorrect, and that its X account was compromised. "The SEC's @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff," an SEC spokesperson told CNBC.

"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products," said SEC Chair Gary Gensler in a post on X. From the original CNBC article: The decision will likely lead to the conversion of the Grayscale Bitcoin Trust, which holds about $29 billion of the cryptocurrency, into an ETF, as well as the launch of competing funds from mainstream issuers like BlackRock's iShares. The approval could prove to be a landmark event in the adoption of cryptocurrency by mainstream finance, as the ETF structure gives institutions and financial advisors a familiar and regulated way to buy exposure to bitcoin.

The SEC has for years opposed a so-called spot bitcoin fund, with several firms filing and then withdrawing applications for ETFs in the past. SEC Chair Gary Gensler has been an outspoken critic of crypto during his tenure. However, the regulator appeared to change course on the ETF question in 2023, possibly due in part to an August loss to Grayscale in court which criticized the SEC for blocking bitcoin ETFs while allowing funds that track bitcoin futures.

United States

FTC Bans X-Mode From Selling Phone Location Data (techcrunch.com) 10

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users' sensitive location data, the federal regulator said Tuesday. From a report: The first of its kind settlement prohibits X-Mode, now known as Outlogic, from sharing and selling users' sensitive information to others. The settlement will also require the data broker to delete or destroy all the location data it previously collected, along with any products produced from this data, unless the company obtains consumer consent or ensures the data has been de-identified. X-Mode buys and sells access to the location data collected from ordinary phone apps. While just one of many organizations in the multibillion-dollar data broker industry, X-Mode faced scrutiny for selling access to the commercial location data of Americans' past movements to the U.S. government and military contractors. Soon after, Apple and Google told developers to remove X-Mode from their apps or face a ban from the app stores.

The Courts

Judges in England and Wales Given Cautious Approval To Use AI in Writing Legal Opinions (apnews.com) 23

Press2ToContinue writes: England's 1,000-year-old legal system -- still steeped in traditions that include wearing wigs and robes -- has taken a cautious step into the future by giving judges permission to use artificial intelligence to help produce rulings. The Courts and Tribunals Judiciary last month said AI could help write opinions but stressed it shouldn't be used for research or legal analyses because the technology can fabricate information and provide misleading, inaccurate and biased information.

"Judges do not need to shun the careful use of AI," said Master of the Rolls Geoffrey Vos, the second-highest ranking judge in England and Wales. "But they must ensure that they protect confidence and take full personal responsibility for everything they produce." At a time when scholars and legal experts are pondering a future when AI could replace lawyers, help select jurors or even decide cases, the approach spelled out Dec. 11 by the judiciary is restrained. But for a profession slow to embrace technological change, it's a proactive step as government and industry -- and society in general -- react to a rapidly advancing technology alternately portrayed as a panacea and a menace.

Google

Google Faces Multibillion-Dollar US Patent Trial Over AI Tech (reuters.com) 27

Alphabet's Google is set to go before a federal jury in Boston on Tuesday in a trial over accusations that processors it uses to power AI technology in key products infringe a computer scientist's patents. From a report: Singular Computing, founded by Massachusetts-based computer scientist Joseph Bates, claims Google copied his technology and used it to support AI features in Google Search, Gmail, Google Translate and other Google services. A Google court filing said that Singular has requested up to $7 billion in monetary damages, which would be more than double the largest-ever patent infringement award in U.S. history.

Google spokesperson Jose Castaneda called Singular's patents "dubious" and said that Google developed its processors "independently over many years." "We look forward to setting the record straight in court," Castaneda said.

Government

Biden Administration To Unveil Contractor Rule Set To Upend Gig Economy (reuters.com) 213

An anonymous reader quotes a report from Reuters: The administration of U.S. President Joe Biden will release a final rule as soon as this week that will make it more difficult for companies to treat workers as independent contractors rather than employees that typically cost a company more, an administration official said. The U.S. Department of Labor rule, which was first proposed in 2022 and is likely to face legal challenges, will require that workers be considered employees entitled to more benefits and legal protections than contractors when they are "economically dependent" on a company.

A range of industries will likely be affected by the rule, which will take effect later this year, but its potential impact on app-based services that rely heavily on contract workers has garnered the most attention. Shares of Uber, Lyft and DoorDash all tumbled at least 10% when the draft rule was proposed in October 2022. The rule is among regulations with the most far-reaching impacts issued by the Labor Department office that enforces U.S. wage laws, according to Marc Freedman, vice president at the U.S. Chamber of Commerce, the largest U.S. business lobby. But he said the draft version of the rule provides little guidance to companies on where to draw the line between employees and contractors. "Economic dependence is an elusive concept that in some cases may end up being defined by the eyes of the beholder," Freedman said.

The Labor Department in the proposed rule said it would consider factors such as a worker's "opportunity for profit or loss, investment, permanency, the degree of control by the employer over the worker, (and) whether the work is an integral part of the employer's business." The rule replaces a Trump administration regulation that said workers who own their own businesses or have the ability to work for competing companies, such as a driver who works for Uber and Lyft, can be treated as contractors. [...] The Biden administration has said the Trump-era rule violated U.S. wage laws and was out of step with decades of federal court decisions, and worker advocates have said a more strict standard was necessary to combat the rampant misclassification of workers in some industries.

Crime

A Microscopic Metal Flake Could Finally Reveal DB Cooper's Identity (fox13seattle.com) 75

"The famed and mysterious disappearance of D.B. Cooper has puzzled investigators for over half a century," writes a Seattle TV station. Now new evidence is coming to light in the supposed "skyjacking," after a microscopic piece of metal found on D. B. Cooper's tie could help reveal his true identity. "Considering the totality of all that has been uncovered in the last year with respect to DB Cooper's tie, I can say with a very high degree of certainty that DB Cooper worked for Crucible Steel," said independent investigator Eric Ulis.

"I would not be surprised at all if 2024 was the year we figure out who this guy was," Ulis told another local Seattle news station: This particle is part stainless steel, part titanium... 18 months ago, Ulis used U.S. patents to trace three of these fragments from the very same tie to a specific plant in Pennsylvania, Crucible Steel. "Headquartered in the suburbs of Pittsburgh, a significant subcontractor all throughout the 1960s," said Ulis. "It supplied the lion's share of titanium and stainless steel for Boeing's aircraft...."

Ulis claims evidence points to Cooper having in-depth knowledge of the 727 he hijacked, and of the Seattle area. Workers at Crucible Steel were known to travel and visit their contractor, Boeing. "This is also the time, 1971, when Boeing had this significant downturn, the big depression, with 'The last person leaving Seattle, please turn out the lights' [billboard sign]," said Ulis. "It's reasonable to deduce that D. B. Cooper may well have been part of that downturn."

Ulis admits his findings are not yet concrete. He's not crossing any suspects off the list. However, he believes from what he's seen, all roads lead to titanium research engineer Vince Peterson from Pittsburgh.

It all reminds me of that episode of Prison Break where they suspect one of the prisoners is secretly D.B. Cooper...

United States

America's FAA Temporarily Grounds All Boeing 737 Max 9s - After a Window Blows Off In-Flight (cnn.com) 148

Today America's Federal Aviation Administration "ordered the temporary grounding of Boeing 737 Max 9 aircraft," reports CNN, identifying the aircraft as "the model involved in an Alaska Airlines emergency landing in Oregon on Friday after a section of the plane apparently blew out in midflight." A passenger's video posted to social media shows a side section of the fuselage, where a window would have been, missing — exposing passengers to the outside air. The video, which appears to have been taken from several rows behind the incident, shows oxygen masks deployed throughout the airplane, and at least two people sitting near and just behind the missing section...

The plane "landed safely back at Portland International Airport with 171 guests and six crew members," the airline said... According to FlightAware, the flight was airborne for about 20 minutes.

"There was a really loud bang toward the rear of the plane and a whoosh noise," one passenger told a local news station — and then "all of the masks dropped."

Long-time Slashdot reader ArchieBunker shares more details from the BBC: Diego Murillo said the gap was "as wide as a refrigerator".

Fellow passenger Elizabeth Lee added: "Part of the plane was missing and the wind was just extremely loud, but everyone was in their seats and had their belt on."

Jessica Montoia described the flight as a "trip from hell" adding a phone was taken out of a man's hand by the wind.

CNN covers the federal response: The FAA said the planes must be parked until emergency inspections are performed, which will "take around four to eight hours per aircraft."

"The FAA is requiring immediate inspections of certain Boeing 737 MAX 9 planes before they can return to flight," FAA Administrator Mike Whitaker said Saturday in a statement. "Safety will continue to drive our decision-making as we assist the (National Transportation Safety Board's) investigation into Alaska Airlines Flight 1282." The order impacts 171 Boeing 737 Max 9 jets, the agency approximates....

Boeing said the company supported the FAA's grounding decision. "Safety is our top priority and we deeply regret the impact this event has had on our customers and their passengers," Boeing said in a statement.

Thanks to long-time Slashdot reader lsllll for sharing the news.

Verizon

Verizon Customers Could Get Up to $100 in $100M Settlement Over 'Administrative Charge' Fees (cnn.com) 13

CNN reports that some Verizon customers "might have found an unexpected surprise in the mail this week: An opportunity to receive a refund as part of a proposed $100 million settlement from a class-action lawsuit." Eligible customers are receiving postcards or emails alerting them to file a claim by April 15 to receive up to $100, which is the result of the lawsuit accusing Verizon of charging fees that were "unfair and not adequately disclosed."

At issue is Verizon's "administrative charge," which the plaintiffs said were "misleading" because that fee wasn't disclosed in their plan's advertised monthly price and were charged in a "deceptive and unfair manner." Verizon has denied the claims and said in a statement that it "clearly identifies and describes its wireless consumer admin charge multiple times during the sales transaction, as well as in its marketing, contracts and billing." A company spokesperson said that the charge "helps our company recover certain regulatory compliance and network related costs."

"The payout is at least $15," adds CNN, "and might be more depending on how long the customer used Verizon and the number of customers who file a claim."

Security

Russian Hackers Were Inside Ukraine Telecoms Giant For Months (reuters.com) 26

An anonymous reader quotes a report from Reuters: Russian hackers were inside Ukrainian telecoms giant Kyivstar's system from at least May last year in a cyberattack that should serve as a "big warning" to the West, Ukraine's cyber spy chief told Reuters. The hack, one of the most dramatic since Russia's full-scale invasion nearly two years ago, knocked out services provided by Ukraine's biggest telecoms operator for some 24 million users for days from Dec. 12. In an interview, Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department, disclosed exclusive details about the hack, which he said caused "disastrous" destruction and aimed to land a psychological blow and gather intelligence. "This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable," he said. He noted Kyivstar was a wealthy, private company that invested a lot in cybersecurity.

The attack wiped "almost everything", including thousands of virtual servers and PCs, he said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator." During its investigation, the SBU found the hackers probably attempted to penetrate Kyivstar in March or earlier, he said in a Zoom interview on Dec. 27. "For now, we can say securely, that they were in the system at least since May 2023," he said. "I cannot say right now, since what time they had ... full access: probably at least since November." The SBU assessed the hackers would have been able to steal personal information, understand the locations of phones, intercept SMS-messages and perhaps steal Telegram accounts with the level of access they gained, he said. A Kyivstar spokesperson said the company was working closely with the SBU to investigate the attack and would take all necessary steps to eliminate future risks, adding: "No facts of leakage of personal and subscriber data have been revealed."

Investigating the attack is harder because of the wiping of Kyivstar's infrastructure. Vitiuk said he was "pretty sure" it was carried out by Sandworm, a Russian military intelligence cyberwarfare unit that has been linked to cyberattacks in Ukraine and elsewhere. A year ago, Sandworm penetrated a Ukrainian telecoms operator, but was detected by Kyiv because the SBU had itself been inside Russian systems, Vitiuk said, declining to identify the company. The earlier hack has not been previously reported. Vitiuk said SBU investigators were still working to establish how Kyivstar was penetrated or what type of trojan horse malware could have been used to break in, adding that it could have been phishing, someone helping on the inside or something else. If it was an inside job, the insider who helped the hackers did not have a high level of clearance in the company, as the hackers made use of malware used to steal hashes of passwords, he said. Samples of that malware have been recovered and are being analysed, he added.

Government

US Moves Closer To Filing Sweeping Antitrust Case Against Apple (nytimes.com) 119

An anonymous reader quotes a report from the New York Times: The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company's strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter. The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company's devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active. Specifically, investigators have examined how the Apple Watch works better with the iPhone than with other brands, as well as how Apple locks competitors out of its iMessage service. They have also scrutinized Apple's payments system for the iPhone, which blocks other financial firms from offering similar services, these people said.

The Justice Department is closing in on what would be the most consequential federal antitrust lawsuit challenging Apple, which is the most valuable tech company in the world. If the lawsuit is filed, American regulators will have sued four of the biggest tech companies for monopolistic business practices in less than five years. The Justice Department is currently facing off against Google in two antitrust cases, focused on its search and ad tech businesses, while the Federal Trade Commission has sued Amazon and Meta for stifling competition. The Apple suit would likely be even more expansive than previous challenges to the company, attacking its powerful business model that draws together the iPhone with devices like the Apple Watch and services like Apple Pay to attract and keep consumers loyal to its products. Rivals have said that they have been denied access to key Apple features, like the Siri virtual assistant, prompting them to argue the practices are anticompetitive.

Google

Google Contractor Pays Parents $50 To Scan Their Children's Faces (404media.co) 46

Google is collecting the eyelid shape and skin tone of children via parent-submitted videos, according to a project description online reviewed by 404 Media. From the report: Canadian tech conglomerate TELUS, which says it is working on Google's behalf, is offering parents $50 to film their children wearing various props such as hats or sunglasses as part of the project, the description adds. The project shows the methods some companies are using to build machine learning, artificial intelligence, or facial recognition datasets and products. Rather than scraping already existing images or analyzing previously collected material, TELUS, and by extension Google, is asking the public to contribute directly and get paid in return. Google told 404 Media the collection was part of the company's efforts to verify users' age.
Crime

Mexican Cartel Provided Wi-Fi To Locals - With Threat of Death If They Didn't Use It (theguardian.com) 97

A cartel in the embattled central Mexico state of Michoacan set up its own makeshift internet antennas and told locals they had to pay to use its wifi service or they would be killed, according to prosecutors. New submitter awwshit shares a story: Dubbed "narco-antennas" by local media, the cartel's system involved internet antennas set up in various towns built with stolen equipment. The group charged approximately 5,000 people elevated prices between 400 and 500 pesos ($25 and $30) a month, the Michoacan state prosecutor's office told the Associated Press. That meant the group could rake in about $150,000 a month. People were terrorized "to contract the internet services at excessive costs, under the claim that they would be killed if they did not," prosecutors said, though they did not report any such deaths. Local media identified the criminal group as a faction known as Los Viagras. Prosecutors declined to say which cartel was involved because the case was still under investigation, but they confirmed Los Viagras dominates the towns forced to make the wifi payments.
Censorship

Substack Faces User Revolt Over Anti-Censorship Stance (theguardian.com) 271

Alex Hern reports via the Guardian: The email newsletter service Substack is facing a user revolt after its chief executive defended hosting and handling payments for "Nazis" on its platform, citing anti-censorship reasons. In a note on the site published in December, the chief executive, Hamish McKenzie, said the firm "doesn't like Nazis," and wished "no one held these views." But he said the company did not think that censorship -- by demonetising sites that publish extreme views -- was a solution to the problem, and instead made it worse. Some of the largest newsletters on the service have threatened to take their business elsewhere if Substack does not reverse its stance.

On Tuesday Casey Newton, who writes Platformer -- a popular tech newsletter on the platform with thousands of subscribers paying at least $10 a month -- became the most prominent yet. [...] Substack takes a 10% cut of subscriptions from paid newsletters, meaning the loss of Platformer alone could represent six figures of revenue. Other newsletters have already made the jump. Talia Lavin, a journalist with thousands of paid subscribers on her newsletter The Sword and the Sandwich, moved to a competing service, Buttondown, on Tuesday.
Substack's leadership team said in a statement: "As we face growing pressure to censor content published on Substack that to some seems dubious or objectionable, our answer remains the same: we make decisions based on principles not PR, we will defend free expression, and we will stick to our hands-off approach to content moderation."
Crime

Firmware Prank Causes LED Curtain In Russia To Display 'Slava Ukraini' (therecord.media) 109

Alexander Martin reports via The Record: The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country's armed forces after a neighbor alerted the police to the message 'Slava Ukraini' scrolling across their LED curtains. When police went to the scene, they saw the garland which the owner had hung in celebration of the New Year and a "slogan glorifying the Armed Forces of Ukraine," as a spokesperson for the Ministry of Internal Affairs told state-owned news agency TASS. The apartment owner said the garland was supposed to display a "Happy New Year" greeting, TASS reported.

Several other people in Russia described a similar experience on the AlexGyver web forum, linked to a DIY blog popular in the country. They said at the stroke of midnight on New Year's Eve, their LED curtains also began to show the "Glory to Ukraine" message in Ukrainian. It is not clear whether any of these other posters were also arrested. The man in Veliky Novgorod will have to defend his case in court, according to TASS. Police have seized the curtain itself.

An independent investigation into the cause of the message by the AlexGyver forum users found that affected curtains all used the same open-source firmware code. The original code appears to have originated in Ukraine before someone created a fork translated into Russian. According to the Telegram channel for AlexGyver, the code had been added to the original project on October 18, and then in December the people or person running the fork copied and pasted that update into their own version. "Everyone who downloaded and updated the firmware in December received a gift," the Telegram channel wrote. The message was "really encrypted, hidden from the 'reader' of the code, and is displayed on the first day of the year exclusively for residents of Russia by [geographic region]."
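The mechanism the forum users describe, a hidden payload that a downstream fork inherited by copying an upstream commit and that only fires on a particular date for one region, is what a maintainer should look for before pulling an upstream update into a fork. The following is an added example, not code from the AlexGyver project or from the fork in the story: a small Python triage script run over a constructed Arduino-style sketch. The sketch, its XOR key 0x5A, the variable names and the decoded text "HIDDEN MESSAGE" are all made up for this example. The script performs two checks: it flags `if` conditions that compare a calendar field against a constant and notes when a timezone or region variable sits in the same condition, and it finds byte arrays that the code XORs with a constant at runtime and decodes them so the reviewer can read what the hardware would actually display.

```python
"""Triage helper for merging an upstream firmware update: flag branches gated
on a calendar date and/or a region, and decode byte arrays that the code XORs
at runtime. Added example; the sample sketch below is constructed and is not
the AlexGyver firmware or the fork described in the article."""
import re
from typing import Dict, List

KEY = 0x5A  # constructed XOR key used by the constructed sample sketch

# Constructed Arduino-style sketch. The payload text is made up for the example.
SAMPLE_SKETCH = """
void loop() {
  if (rtc.month() == 1 && rtc.day() == 1 && tz_offset >= 2 && tz_offset <= 12) {
    static const uint8_t blob[] = {__BLOB__};
    char text[sizeof(blob) + 1] = {0};
    for (size_t i = 0; i < sizeof(blob); i++) text[i] = blob[i] ^ 0x5a;
    scrollText(text);
  } else {
    scrollText("Happy New Year");
  }
}
""".replace("__BLOB__", ", ".join("0x%02x" % (b ^ KEY) for b in b"HIDDEN MESSAGE"))

IF_STMT = re.compile(r"\bif\b")
DATE_CHECK = re.compile(r"\b(month|mon|day|mday|yday|year)\b\s*(\(\))?\s*[=<>!]=?\s*\d+")
REGION_HINT = re.compile(r"\b(tz_offset|timezone|utc_offset|region|country|locale|geo\w*)\b", re.I)
ARRAY_DEF = re.compile(r"\buint8_t\s+(\w+)\s*\[\]\s*=\s*\{([^}]*)\}")
XOR_USE = re.compile(r"\b(\w+)\[\w+\]\s*\^\s*(0x[0-9a-fA-F]+|\d+)")


def find_date_gates(src: str) -> List[Dict]:
    """Return every `if` line that compares a calendar field to a constant,
    noting whether a region/timezone variable appears in the same condition."""
    gates = []
    for n, line in enumerate(src.splitlines(), 1):
        if IF_STMT.search(line) and DATE_CHECK.search(line):
            gates.append({"line_no": n, "line": line.strip(),
                          "region_gated": bool(REGION_HINT.search(line))})
    return gates


def decode_xor_blobs(src: str) -> Dict[str, str]:
    """For each byte array that is later XORed with a constant key, decode it
    with that key and report the result if it is printable ASCII."""
    arrays = {}
    for name, body in ARRAY_DEF.findall(src):
        toks = [t.strip() for t in body.split(",") if t.strip()]
        arrays[name] = bytes(int(t, 0) for t in toks)
    keys = {name: int(k, 0) for name, k in XOR_USE.findall(src)}
    decoded = {}
    for name, key in keys.items():
        if name not in arrays:
            continue
        plain = bytes(b ^ key for b in arrays[name])
        if all(0x20 <= b < 0x7F for b in plain):
            decoded[name] = plain.decode("ascii")
    return decoded


def triage(src: str) -> List[str]:
    """Human-readable findings for the person reviewing the update."""
    out = []
    for g in find_date_gates(src):
        kind = "date+region gate" if g["region_gated"] else "date gate"
        out.append(f"line {g['line_no']}: {kind}: {g['line']}")
    for name, text in decode_xor_blobs(src).items():
        out.append(f"array {name!r} decodes at runtime to: {text!r}")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_SKETCH):
        print(finding)
```

This is a heuristic, not a proof of absence: a payload can be hidden with a scheme other than a single-byte XOR, or gated on something other than the calendar. The point is that a date-and-region condition wrapped around a byte array that only becomes readable at runtime has no legitimate reason to be in a holiday-lights sketch, and a fork owner who diffs the upstream commit before copying it would have seen exactly that shape.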

Government

New Jersey Used COVID Relief Funds To Buy Banned Chinese Surveillance Cameras (404media.co) 25

A federal criminal complaint has revealed that state and local agencies in New Jersey bought millions of dollars' worth of banned Chinese surveillance cameras. The cameras were purchased from a local company that rebranded the banned equipment made by Dahua Technology, a company that has been implicated in the surveillance of the Uyghur people in Xinjiang. According to 404 Media, "At least $15 million of the equipment was bought using federal COVID relief funds." From the report: The feds charged Tamer Zakhary, the CEO of the New Jersey-based surveillance company Packetalk, with three counts of wire fraud and a separate count of false statements for repeatedly lying to state and local agencies about the provenance of his company's surveillance cameras. Some of the cameras Packetalk sold to local agencies were Dahua cameras that had the Dahua logo removed and the colors of the camera changed, according to the criminal complaint.

Dahua Technology is the second largest surveillance camera company in the world. In 2019, the U.S. government banned the purchase of Dahua cameras using federal funds because their cameras have "been implicated in human rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uyghurs, Kazakhs, and other members of Muslim minority groups in Xinjiang." The FCC later said that Dahua cameras "pose an unacceptable risk to U.S. national security." Dahua is not named in the federal complaint, but [404 Media's Jason Koebler] was able to cross-reference details in the complaint with Dahua and was able to match specific cameras sold by Packetalk to Dahua's products.

According to the FBI, Zakhary sold millions of dollars of surveillance equipment, including rebranded Dahua cameras, to agencies all over New Jersey despite knowing that the cameras were illegal to sell to public agencies. Zakhary also helped two specific agencies in New Jersey (called "Victim Agency-1" and "Victim Agency-2" in the complaint) justify their purchases using federal COVID relief money from the CARES Act, according to the criminal complaint. The feds allege, essentially, that Zakhary tricked local agencies into buying banned cameras using COVID funds: "Zakhary fraudulently misrepresented to the Public Safety Customers that [Packetalk's] products were compliant with Section 889 of the John S. McCain National Defense Authorization Act for 2019 [which banned Dahua cameras], when, in fact, they were not," the complaint reads. "As a result of Zakhary's fraudulent misrepresentations, the Public Safety Customers purchased at least $35 million in surveillance cameras and equipment from [Packetalk], over $15 million of which was federal funds and grants."

Privacy

23andMe Tells Victims It's Their Fault Data Was Breached (techcrunch.com) 95

An anonymous reader quotes a report from TechCrunch: Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any responsibility, according to a letter sent to a group of victims seen by TechCrunch. "Rather than acknowledge its role in this data security disaster, 23andMe has apparently decided to leave its customers out to dry while downplaying the seriousness of these events," Hassan Zavareei, one of the lawyers representing the victims who received the letter from 23andMe, told TechCrunch in an email.

In December, 23andMe admitted that hackers had stolen the genetic and ancestry data of 6.9 million users, nearly half of all its customers. The data breach started with hackers accessing only around 14,000 user accounts. The hackers broke into this first set of victims by brute-forcing accounts with passwords that were known to be associated with the targeted customers, a technique known as credential stuffing. From these 14,000 initial victims, however, the hackers were able to then access the personal data of the other 6.9 million victims because they had opted-in to 23andMe's DNA Relatives feature. This optional feature allows customers to automatically share some of their data with people who are considered their relatives on the platform. In other words, by hacking into only 14,000 customers' accounts, the hackers subsequently scraped personal data of another 6.9 million customers whose accounts were not directly hacked.

But in a letter sent to a group of hundreds of 23andMe users who are now suing the company, 23andMe said that "users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe." "Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures," the letter reads. [...] 23andMe's lawyers argued that the stolen data cannot be used to inflict monetary damage against the victims. "The information that was potentially accessed cannot be used for any harm. As explained in the October 6, 2023 blog post, the profile information that may have been accessed related to the DNA Relatives feature, which a customer creates and chooses to share with other users on 23andMe's platform. Such information would only be available if plaintiffs affirmatively elected to share this information with other users via the DNA Relatives feature. Additionally, the information that the unauthorized actor potentially obtained about plaintiffs could not have been used to cause pecuniary harm (it did not include their social security number, driver's license number, or any payment or financial information)," the letter read.
"This finger pointing is nonsensical," said Zavareei. "23andMe knew or should have known that many consumers use recycled passwords and thus that 23andMe should have implemented some of the many safeguards available to protect against credential stuffing -- especially considering that 23andMe stores personal identifying information, health information, and genetic information on its platform."

"The breach impacted millions of consumers whose data was exposed through the DNA Relatives feature on 23andMe's platform, not because they used recycled passwords," added Zavareei. "Of those millions, only a few thousand accounts were compromised due to credential stuffing. 23andMe's attempt to shirk responsibility by blaming its customers does nothing for these millions of consumers whose data was compromised through no fault of their own whatsoever."
Facebook

Meet 'Link History,' Facebook's New Way To Track the Websites You Visit (gizmodo.com) 17

An anonymous reader quotes a report from Gizmodo: Facebook recently rolled out a new "Link History" setting that creates a special repository of all the links you click on in the Facebook mobile app. Users can opt-out, but Link History is turned on by default, and the data is used for targeted ads. The company pitches Link History as a useful tool for consumers "with your browsing activity saved in one place," rather than another way to keep tabs on your behavior. With the new setting you'll "never lose a link again," Facebook says in a pop-up encouraging users to consent to the new tracking method. The company goes on to mention that "When you allow link history, we may use your information to improve your ads across Meta technologies."

Facebook promises to delete the Link History it's created for you within 90 days if you turn the setting off. According to a Facebook help page, Link History isn't available everywhere. The company says it's rolling out globally "over time." This is a privacy improvement in some ways, but the setting raises more questions than it answers. Meta has always kept track of the links you click on, and this is the first time users have had any visibility or control over this corner of the company's internet spying apparatus. In other words, Meta is just asking users for permission for a category of tracking that it's been using for over a decade. Beyond that, there are a number of ways this setting might give users an illusion of privacy that Meta isn't offering.
"The Link History doesn't mention anything about the invasive ways Facebook monitors what you're doing once you visit a webpage," notes Gizmodo's Thomas Germain. "It seems the setting only affects Meta's record of the fact that you clicked a link in the first place. Furthermore, Meta links everything you do on Facebook, Instagram, WhatsApp, and its other products. Unlike several of Facebook's other privacy settings, Link History doesn't say that it affects any of Meta's other apps, leaving you with the data harvesting status quo on other parts of Mark Zuckerberg's empire."

"Link History also creates a confusing new regime that establishes privacy settings that don't apply if you access Facebook outside of the Facebook app. If you log in to Facebook on a computer or a mobile browser instead, Link History doesn't protect you. In fact, you can't see the Link History page at all if you're looking at Facebook on your laptop."
The Courts

The Humble Emoji Has Infiltrated the Corporate World (theatlantic.com) 56

An anonymous reader shares a report: A court in Washington, D.C., has been stuck with a tough, maybe impossible question: What does full moon face emoji mean? Let me explain: In the summer of 2022, Ryan Cohen, a major investor in Bed Bath & Beyond, responded to a tweet about the beleaguered retailer with this side-eyed-moon emoji. Later that month, Cohen -- hailed as a "meme king" for his starring role in the GameStop craze -- disclosed that his stake in the company had grown to nearly 12 percent; the stock price subsequently shot up. That week, he sold all of his shares and walked away with a reported $60 million windfall.

Now shareholders are suing him for securities fraud, claiming that Cohen misled investors by using the emoji the way meme-stock types sometimes do -- to suggest that the stock was going "to the moon." A class-action lawsuit with big money on the line has come to legal arguments such as this: "There is no way to establish objectively the truth or falsity of a tiny lunar cartoon," as Cohen's lawyers wrote in an attempt to get the emoji claim dismissed. That argument was denied, and the court held that "emojis may be actionable."

The humble emoji -- and its older cousin, the emoticon -- has infiltrated the corporate world, especially in tech. Last month, when OpenAI briefly ousted Sam Altman and replaced him with an interim CEO, the company's employees reportedly responded with a vulgar emoji on Slack. That FTX, the failed cryptocurrency exchange once run by Sam Bankman-Fried, apparently used these little icons to approve million-dollar expense reports was held up during bankruptcy proceedings as a damning example of its poor corporate controls. And in February, a judge allowed a lawsuit to move forward alleging that an NFT company called Dapper Labs was illegally promoting unregistered securities on Twitter, because "the 'rocket ship' emoji, 'stock chart' emoji, and 'money bags' emoji objectively mean one thing: a financial return on investment."

Medicine

Will 2024 Bring a 'Major Turning Point' in US Health Care? (usatoday.com) 154

"This year has been a major turning point in American health care," reports USA Today, "and patients can anticipate several major developments in the new year," including the beginning of a CRISPR "revolution" and "a new reckoning with drug prices that could change the landscape of the U.S. health care system for decades to come." Health care officials expect 2024 to bring a wave of innovation and change in medicine, treatment and public health... Many think 2024 could be the year more people have the tools to follow through on New Year's resolutions about weight loss. If they can afford them and manage to stick with them, people can turn to a new generation of remarkably effective weight-loss drugs, also called GLP-1s, which offer the potential for substantial weight loss...

In 2023, mental health issues became among the nation's most deadly, costly and pervasive health crises... The dearth of remedies has also paved the way for an unsuspecting class of drugs: psychedelics. MDMA, a party drug commonly known as "ecstasy," could win approval for legal distribution in 2024, as a treatment for post-traumatic stress disorder. Another psychedelic, a ketamine derivative, esketamine, sold as Spravato, was approved in 2019 to treat depression, but it is being treated like a conventional therapy that must be dosed regularly, not like a psychedelic that provides a long-lasting learning experience, said Matthew Johnson, an expert in psychedelics at Johns Hopkins University. MDMA (midomafetamine capsules) would be different, as the first true psychedelic to win FDA approval.

In a late-stage trial of patients with moderate or severe post-traumatic stress disorder, close to 90% showed clinically significant improvements four months after three treatments with MDMA and more than 70% no longer met the criteria for having the disorder, which represented "really impressive results," according to Johnson. Psilocybin, known colloquially as "magic mushrooms," is also working its way through the federal approval process, but it likely won't come up before officials for another year, Johnson said. Psychedelics are something to keep an eye on in the future, as they're being used to treat an array of mental health issues: esketamine for depression, MDMA for PTSD and psilocybin for addiction. Johnson said his research suggests that psychedelics will probably have a generalizable benefit across many mental health challenges in the years to come.

2024 will also be the first year America's drug-makers face new limits on how much they can increase prices for drugs covered by the federal health insurance program Medicare.
Earth

20% of America's Plants and Animals are At Risk of Extinction (usatoday.com) 56

It was half a century ago that America passed legislation to protect vanishing species and their habitats — and since then, more than five dozen species have recovered. Just one example: In 1963 only 417 nesting pairs of bald eagles were found in the lower 48 states. But today there are more than 300,000 bald eagles, writes USA Today. "[T]hough its future remains uncertain, many experts say it remains one of the nation's crowning achievements."

But 1,252 species are still listed as endangered in the U.S. — 486 animals, and 766 plants — with 417 more species categorized as "threatened." The perils of the changing climate add urgency to calls for increased funding and more protection. In North Carolina, for example, the rising sea steadily creeps over a refuge that's home to the sole remaining wild red wolf population. Off New England, warming waters forced changes in the foraging habits of the endangered North Atlantic right whale, putting the massive marine mammals in harm's way more often... One in 5 plant and animal species in the nation remain at risk of extinction, says Susan Holmes, executive director of the Endangered Species Coalition. "Loss of habitat and climate change are absolutely some of the most important threats that we have."

"We are at what I would say is a pivotal moment with the threats of climate change," she said. "We have to act faster than ever in order to ensure that these species are going to thrive."

Patents

Scientists Still Shoot For the Moon With Patent-Free Covid Drug 11

An anonymous reader quotes a report from Bloomberg, written by Naomi Kresge: In the early days of the Covid-19 pandemic, hundreds of scientists from all over the world banded together in an open-source effort to develop an antiviral that would be available for all. They could never have anticipated the many roadblocks they would face along the way, including the Russian invasion of Ukraine, which made refugees out of a group of Kyiv chemists who were doing important work for the project. The group, which called itself Covid Moonshot, hasn't given up on its effort to introduce a more affordable, patent-free treatment for the virus. Their open-source Covid antiviral, now funded by Wellcome, is on track to be ready for human testing within the next year and a half, according to Annette von Delft, a University of Oxford scientist and one of the Moonshot group's leaders. More early discovery work on a range of potential inhibitors for other viruses is also still going on and being funded by a US government grant.

"It's a bit like a proof of concept," von Delft says, for bringing a patent-free experimental drug into the clinic, a model that could be repurposed as a tool to fight neglected tropical diseases or antimicrobial resistance, or prepare for future pandemics. "Can we come up with a strategic model that can help those kinds of compounds with less of a business case along?" Of course, there was definitely a business case for a Covid antiviral, and some of the biggest drugmakers rushed to develop them. In 2022, Pfizer Inc.'s Paxlovid was one of the world's best-selling medicines with $18.9 billion in revenue. Demand has since cratered for the pill, which needs to be given shortly after infection and can't be taken alongside a number of other commonly prescribed medicines. Analysts expect the Paxlovid revenue to plunge just shy of $1 billion this year.

However, there is still a need for a better Covid antiviral, particularly in countries where access to the Pfizer pill is limited, according to von Delft. Covid cases have surged again this holiday season, with the rise of a new variant called JN.1 reminding us that the virus is still changing to evade the immunity we've built up so far. Just before Christmas, UK authorities said about one in every 24 people in England and Scotland had the disease. An accessible antiviral could help people return to work more quickly, and it could also be tested as a potential treatment for long Covid. "We know from experience in viral disease that there will be resistance variants evolving over time," von Delft said. "We'll need more than one."
Security

Cyberattack Targets Albanian Parliament's Data System, Halting Its Work (securityweek.com) 2

An anonymous reader quotes a report from SecurityWeek: Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday's cyberattack had not "touched the data of the system," adding that experts were working to discover what consequences the attack could have. It said the system's services would resume at a later time. Local media reported that a cellphone provider and an air flight company were also targeted by Monday's cyberattacks, allegedly from Iranian-based hackers called Homeland Justice, which could not be verified independently.

Albania suffered a cyberattack in July 2022 that the government and multinational technology companies blamed on the Iranian Foreign Ministry. Believed to be in retaliation for Albania sheltering members of the Iranian opposition group Mujahedeen-e-Khalq, or MEK, the attack led the government to cut diplomatic relations with Iran two months later. The Iranian Foreign Ministry denied Tehran was behind an attack on Albanian government websites and noted that Iran has suffered cyberattacks from the MEK. In June, Albanian authorities raided a camp for exiled MEK members to seize computer devices allegedly linked to prohibited political activities. [...] In a statement sent later Tuesday to The Associated Press, MEK's media spokesperson Ali Safavi claimed the reported cyberattacks in Albania "are not related to the presence or activities" of MEK members in the country.

Piracy

Reckless DMCA Deindexing Pushes NASA's Artemis Towards Black Hole (torrentfreak.com) 83

Andy Maxwell reports via TorrentFreak: As the crew of Artemis 2 prepare to become the first humans to fly to the moon since 1972, the possibilities of space travel are once again igniting imaginations globally. More than 92% of internet users who want to learn more about this historic mission and the program in general are statistically likely to use Google search. Behind the scenes, however, the ability to find relevant content is under attack. Blundering DMCA takedown notices sent by a company calling itself DMCA Piracy Prevention Inc. claim to protect the rights of an OnlyFans/Instagram model working under the name 'Artemis'. Instead, keyword-based systems that fail to discriminate between copyright-infringing content and that referencing the word Artemis in any other context, are flooding towards Google. They contain demands to completely deindex non-infringing, unrelated content, produced by innocent third parties all over the world.

A recent deindexing demand dated December 13, 2022, lists DMCA Piracy Prevention Inc. of Canada as the sender. The name of the content owner is redacted but the notice itself states that the company represents a content creator performing under the name Artemis. The notice demands the removal of 3,617 URLs from Google search. If successful, those URLs would be completely unfindable by more than 92% of the world's population who use that search engine. [...] At least 9 of the first 20 URLs in the notice demand the removal of non-infringing articles and news reports referencing the Artemis space program. None have anything to do with the content the sender claims to protect. [...]

Theories as to who might own and/or operate DMCA Piracy Prevention Inc. aren't hard to find but the company does exist and is registered as a corporate entity in Canada. Registered at the same address is a company with remarkably similar details. BranditScan is a corporate entity operating in exactly the same market offering similar if not identical services. BranditScan has sent DMCA takedown notices to Google under three different notifier accounts.

United States

New US Immigration Rules Spur More Visa Approvals For STEM Workers (science.org) 102

Following policy adjustments by the U.S. Citizenship and Immigration Services (USCIS) in January, more foreign-born workers in science, technology, engineering, and math (STEM) fields are able to live and work permanently in the United States. "The jump comes after USCIS in January 2022 tweaked its guidance criteria relating to two visa categories available to STEM workers," reports Science Magazine. "One is the O-1A, a temporary visa for 'aliens of extraordinary ability' that often paves the way to a green card. The second, which bestows a green card on those with advanced STEM degrees, governs a subset of an EB-2 (employment-based) visa." From the report: The USCIS data, reported exclusively by ScienceInsider, show that the number of O-1A visas awarded in the first year of the revised guidance jumped by almost 30%, to 4570, and held steady in fiscal year 2023, which ended on 30 September. Similarly, the number of STEM EB-2 visas approved in 2022 after a "national interest" waiver shot up by 55% over 2021, to 70,240, and stayed at that level this year. "I'm seeing more aspiring and early-stage startup founders believe there's a way forward for them," says Silicon Valley immigration attorney Sophie Alcorn. She predicts the policy changes will result in "new technology startups that would not have otherwise been created."

President Joe Biden has long sought to make it easier for foreign-born STEM workers to remain in the country and use their talent to spur the U.S. economy. But under the terms of a 1990 law, only 140,000 employment-based green cards may be issued annually, and no more than 7% of those can go to citizens of any one country. The ceiling is well below the demand. And the country quotas have created decades-long queues for scientists and high-tech entrepreneurs born in India and China. The 2022 guidance doesn't alter those limits on employment-based green cards but clarifies the visa process for foreign-born scientists pending any significant changes to the 1990 law. The O-1A work visa, which can be renewed indefinitely, was designed to accelerate the path to a green card for foreign-born high-tech entrepreneurs.

Although there is no cap on the number of O-1A visas awarded, foreign-born scientists have largely ignored this option because it wasn't clear what metrics USCIS would use to assess their application. The 2022 guidance on O-1As removed that uncertainty by listing eight criteria -- including awards, peer-reviewed publications, and reviewing the work of other scientists -- and stipulating that applicants need to satisfy at least three of them. The second visa policy change affects those with advanced STEM degrees seeking the national interest waiver for an EB-2. Under the normal process of obtaining such a visa, the Department of Labor requires employers to first satisfy rules meant to protect U.S. workers from foreign competition, for example, by showing that the company has failed to find a qualified domestic worker and that the job will pay the prevailing wage. That time-consuming exercise can be waived if visa applicants can prove they are doing "exceptional" work of "substantial merit and national importance." But once again, the standard for determining whether the labor-force requirements can be waived was vague, so relatively few STEM workers chose that route. The 2022 USCIS guidance not only specifies criteria, which closely track those for the nonimmigrant, O-1A visa, but also allows scientists to sponsor themselves.

The Courts

Clowns Sue Clowns.com For Wage Theft (404media.co) 42

An anonymous reader quotes a report from 404 Media: A group of clowns is suing their former employer Clowns.com for multiple labor law violations, according to recently filed court records. Four people -- Brayan Angulo, Cameron Pille, Janina Salorio, and Xander Black -- filed a federal lawsuit on Wednesday alleging Adolph Rodriguez and Erica Barbuto, owners of Clowns.com and their former bosses, misclassified them as independent workers for years, and failed to pay them for their time. The Long Island-based company, which provides entertainers for events, violated the Fair Labor Standards Act and the New York Labor Law, the lawsuit claims.

The owners of Clowns.com didn't give employees detailed pay statements as required by New York law, the lawsuit alleges. "As a result, Plaintiffs did not know how precisely their weekly pay was being calculated, and were thus deprived of information that could be used to challenge and prevent the theft of their wages," it says. The clowns weren't paid for time "spent at the warehouse gathering and loading equipment and supplies into vehicles," or for travel time between parties, or when parties went on for longer than expected, they claim.
Pille said she's "proud to join with my clown colleagues" to stand up to wage theft and misclassification. "For years, Clowns.com has treated clowns, who are largely young actors with no prior training in clowning who sign up for this job to make ends meet, as independent contractors."

Privacy

Researchers Come Up With Better Idea To Prevent AirTag Stalking (arstechnica.com) 29

An anonymous reader quotes a report from Ars Technica: Apple's AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets. Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner's iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn't said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its "Find My" device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they've developed (PDF) a cryptographic scheme to bridge the gap -- prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users. [...]

The solution [Johns Hopkins cryptographer Matt Green] and his fellow researchers came up with leans on two established areas of cryptography that the group worked to implement in a streamlined and efficient way so the system could reasonably run in the background on mobile devices without being disruptive. The first element is "secret sharing," which allows the creation of systems that can't reveal anything about a "secret" unless enough separate puzzle pieces present themselves and come together. Then, if the conditions are right, the system can reconstruct the secret. In the case of AirTags, the "secret" is the true, static identity of the device underlying the public identifier that is frequently changing for privacy purposes. Secret sharing was conceptually useful for the researchers to employ because they could develop a mechanism where a device like a smartphone would only be able to determine that it was being followed around by an AirTag with a constantly rotating public identifier if the system received enough of a certain type of ping over time. Then, suddenly, the suspicious AirTag's anonymity would fall away and the system would be able to determine that it had been in close proximity for a concerning amount of time.

Green notes, though, that a limitation of secret sharing algorithms is that they aren't very good at sorting and parsing inputs if they're being deluged by a lot of different puzzle pieces from all different puzzles -- the exact scenario that would occur in the real world where AirTags and Find My devices are constantly encountering each other. With this in mind, the researchers employed a second concept known as "error correction coding," which is specifically designed to sort signal from noise and preserve the durability of signals even if they acquire some errors or corruptions. "Secret sharing and error correction coding have a lot of overlap," Green says. "The trick was to find a way to implement it all that would be fast, and where a phone would be able to reassemble all the puzzle pieces when needed while all of this is running quietly in the background."
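The secret-sharing mechanism described above, as an added Python illustration that is not the researchers' code: a tag emits one Shamir share of its fixed identity per identifier rotation, and the phone can recover that identity only after hearing a threshold number of shares. The field prime, threshold and tag identity are constructed values, and the error-correction layer that untangles shares from many different tags is deliberately left out.

```python
"""Toy model of the secret-sharing half of the Johns Hopkins / UCSD proposal:
a tag broadcasts a fresh share of its fixed identity alongside each rotating
public identifier, and a phone can recover that identity only after hearing a
threshold number of shares, i.e. after the tag has followed it for a while.
Added example, not the researchers' code. The field size, threshold and tag
identity are constructed values; the error-correction layer that separates
shares from many different tags is NOT modelled here."""
import secrets

# Prime field for Shamir sharing; any prime larger than the identity works.
P = 2**127 - 1


def make_shares(identity: int, threshold: int, n_epochs: int) -> list:
    """Shamir threshold sharing: random polynomial of degree threshold-1 with
    f(0) = identity. The share for epoch i is the point (i, f(i)), which is
    what the tag would transmit during its i-th identifier rotation."""
    assert 0 <= identity < P and 1 <= threshold <= n_epochs
    coeffs = [identity] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n_epochs + 1)]


def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(P). Correct only when the shares
    come from the same polynomial and there are at least `threshold` of them;
    with fewer, the result is an unrelated field element (no information)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


class Finder:
    """Phone-side logic. Shares are stored as they are heard (deduplicated by
    epoch, so a repeated ping does not count twice); the tag's identity stays
    information-theoretically hidden until `threshold` distinct shares have
    arrived, at which point it can be reconstructed and the user alerted."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.shares = {}          # epoch x -> y

    def hear(self, share) -> None:
        x, y = share
        self.shares[x] = y

    def suspicious_tag(self):
        """Return the reconstructed tag identity once enough shares have been
        collected, otherwise None (the tag has not been around long enough)."""
        if len(self.shares) < self.threshold:
            return None
        return reconstruct(list(self.shares.items())[: self.threshold])


if __name__ == "__main__":
    tag_identity = 0x0123456789ABCDEF0123456789ABCDEF   # constructed value
    shares = make_shares(tag_identity, threshold=3, n_epochs=8)
    phone = Finder(threshold=3)
    for epoch_share in shares[:3]:
        phone.hear(epoch_share)
        print(len(phone.shares), "share(s) heard ->", phone.suspicious_tag())
```

Any three shares recover the identity, while two yield an unrelated value, which is the property that makes the threshold a proximity-time gate rather than a mere counter.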
The researchers published (PDF) their first paper in September and submitted it to Apple. More recently, they notified the industry consortium about the proposal.

Google

Google Agrees To Settle Chrome Incognito Mode Class Action Lawsuit (arstechnica.com) 22

Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over its Chrome browser's Incognito mode. From a report: Arising in the Northern District of California, the lawsuit accused Google of continuing to "track, collect, and identify [users'] browsing data in real time" even when they had opened a new Incognito window. The lawsuit, filed by Florida resident William Byatt and California residents Chasom Brown and Maria Nguyen, accused Google of violating wiretap laws.

It also alleged that sites using Google Analytics or Ad Manager collected information from browsers in Incognito mode, including web page content, device data, and IP address. The plaintiffs also accused Google of taking Chrome users' private browsing activity and then associating it with their already-existing user profiles. Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on Chrome's incognito mode. That warning tells users that their activity "might still be visible to websites you visit."

AI

New York Times Copyright Suit Wants OpenAI To Delete All GPT Instances (arstechnica.com) 157

An anonymous reader shares a report: The Times is targeting various companies under the OpenAI umbrella, as well as Microsoft, an OpenAI partner that both uses it to power its Copilot service and helped provide the infrastructure for training the GPT Large Language Model. But the suit goes well beyond the use of copyrighted material in training, alleging that OpenAI-powered software will happily circumvent the Times' paywall and ascribe hallucinated misinformation to the Times.

The suit notes that The Times maintains a large staff that allows it to do things like dedicate reporters to a huge range of beats and engage in important investigative journalism, among other things. Because of those investments, the newspaper is often considered an authoritative source on many matters. All of that costs money, and The Times earns that by limiting access to its reporting through a robust paywall. In addition, each print edition has a copyright notification, the Times' terms of service limit the copying and use of any published material, and it can be selective about how it licenses its stories.

In addition to driving revenue, these restrictions also help it to maintain its reputation as an authoritative voice by controlling how its works appear. The suit alleges that OpenAI-developed tools undermine all of that. [...] The suit seeks nothing less than the erasure of both any GPT instances that the parties have trained using material from the Times, as well as the destruction of the datasets that were used for the training. It also asks for a permanent injunction to prevent similar conduct in the future. The Times also wants money, lots and lots of money: "statutory damages, compensatory damages, restitution, disgorgement, and any other relief that may be permitted by law or equity."

Government

India Targets Apple Over Its Phone Hacking Notifications (washingtonpost.com) 100

In October, Apple issued notifications warning over a half dozen India lawmakers of their iPhones being targets of state-sponsored attacks. According to a new report from the Washington Post, the Modi government responded by criticizing Apple's security and demanding explanations to mitigate political impact (Warning: source may be paywalled; alternative source). From the report: Officials from the ruling Bharatiya Janata Party (BJP) publicly questioned whether the Silicon Valley company's internal threat algorithms were faulty and announced an investigation into the security of Apple devices. In private, according to three people with knowledge of the matter, senior Modi administration officials called Apple's India representatives to demand that the company help soften the political impact of the warnings. They also summoned an Apple security expert from outside the country to a meeting in New Delhi, where government representatives pressed the Apple official to come up with alternative explanations for the warnings to users, the people said. They spoke on the condition of anonymity to discuss sensitive matters. "They were really angry," one of those people said.

The visiting Apple official stood by the company's warnings. But the intensity of the Indian government effort to discredit and strong-arm Apple disturbed executives at the company's headquarters, in Cupertino, Calif., and illustrated how even Silicon Valley's most powerful tech companies can face pressure from the increasingly assertive leadership of the world's most populous country -- and one of the most critical technology markets of the coming decade. The recent episode also exemplified the dangers facing government critics in India and the lengths to which the Modi administration will go to deflect suspicions that it has engaged in hacking against its perceived enemies, according to digital rights groups, industry workers and Indian journalists. Many of the more than 20 people who received Apple's warnings at the end of October have been publicly critical of Modi or his longtime ally, Gautam Adani, an Indian energy and infrastructure tycoon. They included a firebrand politician from West Bengal state, a Communist leader from southern India and a New Delhi-based spokesman for the nation's largest opposition party. [...] Gopal Krishna Agarwal, a national spokesman for the BJP, said any evidence of hacking should be presented to the Indian government for investigation.

The Modi government has never confirmed or denied using spyware, and it has refused to cooperate with a committee appointed by India's Supreme Court to investigate whether it had. But two years ago, the Forbidden Stories journalism consortium, which included The Post, found that phones belonging to Indian journalists and political figures were infected with Pegasus, which grants attackers access to a device's encrypted messages, camera and microphone. In recent weeks, The Post, in collaboration with Amnesty, found fresh cases of infections among Indian journalists. Additional work by The Post and New York security firm iVerify found that opposition politicians had been targeted, adding to the evidence suggesting the Indian government's use of powerful surveillance tools. In addition, Amnesty showed The Post evidence it found in June that suggested a Pegasus customer was preparing to hack people in India. Amnesty asked that the evidence not be detailed to avoid teaching Pegasus users how to cover their tracks.
"These findings show that spyware abuse continues unabated in India," said Donncha O Cearbhaill, head of Amnesty International's Security Lab. "Journalists, activists and opposition politicians in India can neither protect themselves against being targeted by highly invasive spyware nor expect meaningful accountability."

Transportation

US Engine Maker Will Pay $1.6 Billion To Settle Claims of Emissions Cheating (nytimes.com) 100

An anonymous reader quotes a report from the New York Times: The United States and the state of California have reached an agreement in principle with the truck engine manufacturer Cummins on a $1.6 billion penalty to settle claims that the company violated the Clean Air Act by installing devices to defeat emissions controls on hundreds of thousands of engines, the Justice Department announced on Friday. The penalty would be the largest ever under the Clean Air Act and the second largest ever environmental penalty in the United States. Defeat devices are parts or software that bypass, defeat or render inoperative emissions controls like pollution sensors and onboard computers. They allow vehicles to pass emissions inspections while still emitting high levels of smog-causing pollutants such as nitrogen oxide, which is linked to asthma and other respiratory illnesses.

The Justice Department has accused the company of installing defeat devices on 630,000 model year 2013 to 2019 RAM 2500 and 3500 pickup truck engines. The company is also alleged to have secretly installed auxiliary emission control devices on 330,000 model year 2019 to 2023 RAM 2500 and 3500 pickup truck engines. "Violations of our environmental laws have a tangible impact. They inflict real harm on people in communities across the country," Attorney General Merrick Garland said in a statement. "This historic agreement should make clear that the Justice Department will be aggressive in its efforts to hold accountable those who seek to profit at the expense of people's health and safety."

In a statement, Cummins said that it had "seen no evidence that anyone acted in bad faith and does not admit wrongdoing." The company said it has "cooperated fully with the relevant regulators, already addressed many of the issues involved, and looks forward to obtaining certainty as it concludes this lengthy matter. Cummins conducted an extensive internal review and worked collaboratively with the regulators for more than four years." Stellantis, the company that makes the trucks, has already recalled the model year 2019 trucks and has initiated a recall of the model year 2013 to 2018 trucks. The software in those trucks will be recalibrated to ensure that they are fully compliant with federal emissions law, said Jon Mills, a spokesman for Cummins. Mr. Mills said that "next steps are unclear" on the model year 2020 through 2023, but that the company "continues to work collaboratively with regulators" to resolve the issue. The Justice Department partnered with the Environmental Protection Agency in its investigation of the case.

AI

The New York Times Sues OpenAI and Microsoft Over AI Use of Copyrighted Work (nytimes.com) 59

The New York Times sued OpenAI and Microsoft for copyright infringement on Wednesday, opening a new front in the increasingly intense legal battle over the unauthorized use of published work to train artificial intelligence technologies. From a report: The Times is the first major American media organization to sue the companies, the creators of ChatGPT and other popular A.I. platforms, over copyright issues associated with its written works. The lawsuit [PDF], filed in Federal District Court in Manhattan, contends that millions of articles published by The Times were used to train automated chatbots that now compete with the news outlet as a source of reliable information.

The suit does not include an exact monetary demand. But it says the defendants should be held responsible for "billions of dollars in statutory and actual damages" related to the "unlawful copying and use of The Times's uniquely valuable works." It also calls for the companies to destroy any chatbot models and training data that use copyrighted material from The Times. The lawsuit could test the emerging legal contours of generative A.I. technologies -- so called for the text, images and other content they can create after learning from large data sets -- and could carry major implications for the news industry. The Times is among a small number of outlets that have built successful business models from online journalism, but dozens of newspapers and magazines have been hobbled by readers' migration to the internet.

Programming

Code.org Sues WhiteHat Jr. For $3 Million 8

theodp writes: Back in May 2021, tech-backed nonprofit Code.org touted the signing of a licensing agreement with WhiteHat Jr., allowing the edtech company with a controversial past (Whitehat Jr. was bought for $300M in 2020 by Byju's, an edtech firm that received a $50M investment from Mark Zuckerberg's venture firm) to integrate Code.org's free-to-educators-and-organizations content and tools into their online tutoring service. Code.org did not reveal what it was charging Byju's to use its "free curriculum and open source technology" for commercial purposes, but Code.org's 2021 IRS 990 filing reported $1M in royalties from an unspecified source after earlier years reported $0. Coincidentally, Whitehat Jr. is represented by Aaron Kornblum, who once worked at Microsoft for now-President Brad Smith, who left Code.org's Board just before the lawsuit was filed.

Fast forward to 2023 and the bloom is off the rose, as Court records show that Code.org earlier this month sued Whitehat Education Technology, LLC (Exhibits A and B) in what is called "a civil action for breach of contract arising from Whitehat's failure to pay Code.org the agreed-upon charges for its use of Code.org's platform and licensed content and its ongoing, unauthorized use of that platform and content." According to the filing, "Whitehat agreed [in April 2022] to pay to Code.org licensing fees totaling $4,000,000 pursuant to a four-year schedule" and "made its first four scheduled payments, totaling $1,000,000," but "about a year after the Agreement was signed, Whitehat informed Code.org that it would be unable to make the remaining scheduled license payments." While the original agreement was amended to backload Whitehat's license fee payment obligations, "Whitehat has not paid anything at all beyond the $1,000,000 that it paid pursuant to the 2022 invoices before the Agreement was amended" and "has continued to access Code.org's platform and content."

That Byju's Whitehat Jr. stiffed Code.org is hardly shocking. In June 2023, Reuters reported that Byju's auditor Deloitte cut ties with the troubled Indian Edtech startup that was once an investor darling and valued at $22 billion, adding that a Byju's Board member representing the Chan-Zuckerberg Initiative had resigned with two other Board members. The BBC reported in July that Byju's was guilty of overexpanding during the pandemic (not unlike Zuck's Facebook). Ironically, the lawsuit Exhibits include screenshots showing Mark Zuckerberg teaching Code.org lessons. Zuckerberg and Facebook were once among the biggest backers of Code.org, although it's unclear whether that relationship soured after court documents were released that revealed Code.org's co-founders talking smack about Zuck and Facebook's business practices to lawyers for Six4Three, which was suing Facebook.

Code.org's curriculum is also used by the Amazon Future Engineer (AFE) initiative, but it is unclear what royalties -- if any -- Amazon pays to Code.org for the use of Code.org curriculum. While the AFE site boldly says, "we provide free computer science curriculum," the AFE fine print further explains that "our partners at Code.org and ProjectSTEM offer a wide array of introductory and advance curriculum options and teacher training." It's unclear what kind of organization Amazon's AFE ("Computer Science Learning Childhood to Career") exactly is -- an IRS Tax Exempt Organization Search failed to find any hits for "Amazon Future Engineer" -- making it hard to guess whether Code.org might consider AFE's use of Code.org software 'commercial use.' Would providing a California school district with free K-12 CS curriculum that Amazon boasts of cultivating into its "vocal champion" count as "commercial use"? How about providing free K-12 CS curriculum to children who live where Amazon is seeking incentives? Or if Amazon CEO Jeff Bezos testifies Amazon "funds computer science coursework" for schools as he attempts to counter a Congressional antitrust inquiry? These seem to be some of the kinds of distinctions Richard Stallman anticipated more than a decade ago as he argued against a restriction against commercial use of otherwise free software.

Electronic Frontier Foundation

EFF Warns: 'Think Twice Before Giving Surveillance for the Holidays' (eff.org) 28

"It's easy to default to giving the tech gifts that retailers tend to push on us this time of year..." notes Lifehacker senior writer Thorin Klosowski.

"But before you give one, think twice about what you're opting that person into." A number of these gifts raise red flags for us as privacy-conscious digital advocates. Ring cameras are one of the most obvious examples, but countless others over the years have made the security or privacy naughty list (and many of these same electronics directly clash with your right to repair). One big problem with giving these sorts of gifts is that you're opting another person into a company's intrusive surveillance practice, likely without their full knowledge of what they're really signing up for... And let's not forget about kids. Long subjected to surveillance from elves and their managers, electronics gifts for kids can come with all sorts of surprise issues, like the kid-focused tablet we found this year that was packed with malware and riskware. Kids' smartwatches and a number of connected toys are also potential privacy hazards that may not be worth the risks if not set up carefully.

Of course, you don't have to avoid all technology purchases. There are plenty of products out there that aren't creepy, and a few that just need extra attention during set up to ensure they're as privacy-protecting as possible. While we don't endorse products, you don't have to start your search in a vacuum. One helpful place to start is Mozilla's Privacy Not Included gift guide, which provides a breakdown of the privacy practices and history of products in a number of popular gift categories.... U.S. PIRG also has guidance for shopping for kids, including details about what to look for in popular categories like smart toys and watches....

Your job as a privacy-conscious gift-giver doesn't end at the checkout screen. If you're more tech savvy than the person receiving the item, or you're helping set up a gadget for a child, there's no better gift than helping set it up as privately as possible.... Giving the gift of electronics shouldn't come with so much homework, but until we have a comprehensive data privacy law, we'll likely have to contend with these sorts of set-up hoops. Until that day comes, we can all take the time to help those who need it.

AI

ChatGPT Exploit Finds 24 Email Addresses, Amid Warnings of 'AI Silo' (thehill.com) 67

The New York Times reports: Last month, I received an alarming email from someone I did not know: Rui Zhu, a Ph.D. candidate at Indiana University Bloomington. Mr. Zhu had my email address, he explained, because GPT-3.5 Turbo, one of the latest and most robust large language models (L.L.M.) from OpenAI, had delivered it to him. My contact information was included in a list of business and personal email addresses for more than 30 New York Times employees that a research team, including Mr. Zhu, had managed to extract from GPT-3.5 Turbo in the fall of this year. With some work, the team had been able to "bypass the model's restrictions on responding to privacy-related queries," Mr. Zhu wrote.

My email address is not a secret. But the success of the researchers' experiment should ring alarm bells because it reveals the potential for ChatGPT, and generative A.I. tools like it, to reveal much more sensitive personal information with just a bit of tweaking. When you ask ChatGPT a question, it does not simply search the web to find the answer. Instead, it draws on what it has "learned" from reams of information — training data that was used to feed and develop the model — to generate one. L.L.M.s train on vast amounts of text, which may include personal information pulled from the Internet and other sources. That training data informs how the A.I. tool works, but it is not supposed to be recalled verbatim... In the example output they provided for Times employees, many of the personal email addresses were either off by a few characters or entirely wrong. But 80 percent of the work addresses the model returned were correct.

The researchers used the API for accessing ChatGPT, the article notes, where "requests that would typically be denied in the ChatGPT interface were accepted..."

"The vulnerability is particularly concerning because no one — apart from a limited number of OpenAI employees — really knows what lurks in ChatGPT's training-data memory."

And there was a broader related warning in another article published the same day. Microsoft may be building an AI silo in a walled garden, argues a professor at the University of California, Berkeley's school of information, calling the development "detrimental for technology development, as well as costly and potentially dangerous for society and the economy." [In January] Microsoft sealed its OpenAI relationship with another major investment — this time around $10 billion, much of which was, once again, in the form of cloud credits instead of conventional finance. In return, OpenAI agreed to run and power its AI exclusively through Microsoft's Azure cloud and granted Microsoft certain rights to its intellectual property...

Recent reports that U.K. competition authorities and the U.S. Federal Trade Commission are scrutinizing Microsoft's investment in OpenAI are encouraging. But Microsoft's failure to report these investments for what they are — a de facto acquisition — demonstrates that the company is keenly aware of the stakes and has taken advantage of OpenAI's somewhat peculiar legal status as a non-profit entity to work around the rules...

The U.S. government needs to quickly step in and reverse the negative momentum that is pushing AI into walled gardens. The longer it waits, the harder it will be, both politically and technically, to re-introduce robust competition and the open ecosystem that society needs to maximize the benefits and manage the risks of AI technology.

Television

'Doctor Who' Christmas Special Streams on Disney+ and the BBC (cnet.com) 65

An anonymous Slashdot reader shared this report from CNET: Marking its 60th year on television, the British time-travel series will close out 2023 with one last anniversary special that arrives on Christmas Day. Ncuti Gatwa's Doctor helms the Tardis in The Church on Ruby Road, which centers on an abandoned baby who grows up looking for answers... Disney Plus will stream Doctor Who: The Church on Ruby Road on Monday, Dec. 25, at 12:55 p.m. ET (9:55 a.m. PT) in all regions except the UK and Ireland, where it will air on the BBC. In case you missed it, viewers can also watch David Tennant starring in the other three anniversary specials: The Star Beast, Wild Blue Yonder and The Giggle. All releases are available on Disney Plus.
But what's interesting is CNET goes on to explain "why a VPN could be a useful tool." Perhaps you're traveling abroad and want to stream Disney Plus while away from home. With a VPN, you're able to virtually change your location on your phone, tablet or laptop to get access to the series from anywhere in the world. There are other good reasons to use a VPN for streaming too. A VPN is the best way to encrypt your traffic and stop your ISP from throttling your speeds...

You can use a VPN to stream content legally as long as VPNs are allowed in your country and you have a valid subscription to the streaming service you're using. The U.S. and Canada are among the countries where VPNs are legal

United States

US Water Utilities Hacked After Default Passwords Set to '1111', Cybersecurity Officials Say (fastcompany.com) 84

An anonymous reader shared this report from Fast Company: Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses [earlier this month]. The security council tells Fast Company it's also aware of recent intrusions by hackers linked to China's military at American infrastructure entities that include water and energy utilities in multiple states.

Neither the Iran-linked nor the China-linked attacks affected critical systems or caused disruptions, according to reports.

"We're seeing companies and critical services facing increased cyber threats from malicious criminals and countries," Anne Neuberger, the deputy national security advisor for cyber and emerging tech, tells Fast Company. The White House had been urging infrastructure providers to upgrade their cyber defenses before these recent hacks, but "clearly, by the most recent success of the criminal cyberattacks, more work needs to be done," she says... The attacks hit at least 11 different entities using Unitronics devices across the United States, which included six local water facilities, a pharmacy, an aquatics center, and a brewery...

Some of the compromised devices had been connected to the open internet with a default password of "1111," federal authorities say, making it easy for hackers to find them and gain access. Fixing that "doesn't cost any money," Neuberger says, "and those are the kinds of basic things that we really want companies urgently to do." But cybersecurity experts say these attacks point to a larger issue: the general vulnerability of the technology that powers physical infrastructure. Much of the hardware was developed before the internet and, though the devices were retrofitted with digital capabilities, they still "have insufficient security controls," says Gary Perkins, chief information security officer at cybersecurity firm CISO Global. Additionally, many infrastructure facilities prioritize "operational ease of use rather than security," since many vendors often need to access the same equipment, says Andy Thompson, an offensive cybersecurity expert at CyberArk. But that can make the systems equally easy for attackers to exploit: freely available web tools allow anyone to generate lists of hardware connected to the public internet, like the Unitronics devices used by water companies.

"Not making critical infrastructure easily accessible via the internet should be standard practice," Thompson says.
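The two lapses the report names, a device reachable from the internet and a factory default password left in place, are both things an operator can catch from its own asset inventory before anyone else finds them. The script below is an added example, not code from Fast Company, CISA or any utility: it audits a constructed inventory, ranks a device that is both exposed and on default credentials as the worst case, and also flags trivial passwords (short, single repeated character, plain digit run) that a vendor-default table would miss. The only value taken from the report is the Unitronics "1111" default; the "ExampleVendor" entry, the hostnames and the passwords are placeholders, and the `exposure` and `remote_admin` fields are assumed to come from the operator's own inventory.

```python
"""Audit an OT asset inventory for internet-exposed devices and default
or trivial passwords.  Added example with a constructed inventory; not
the code of any vendor, agency or utility named in the report."""

from dataclasses import dataclass

# Reference table of factory defaults, keyed by (vendor, model), all lower-case.
# "1111" is the Unitronics default the report cites; the second entry is a
# placeholder showing that the table can hold several vendors.
DEFAULT_CREDENTIALS = {
    ("unitronics", "vision"): {"1111"},
    ("examplevendor", "hmi-100"): {"admin", "password"},  # placeholder vendor
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


@dataclass(frozen=True)
class Asset:
    host: str
    vendor: str
    model: str
    password: str      # as recorded in the inventory / configuration backup
    exposure: str      # assumed inventory field: "internet", "corporate" or "ot"
    remote_admin: bool  # assumed inventory field: remote management enabled


def uses_default_password(asset: Asset) -> bool:
    """True if the configured password is a known factory default."""
    defaults = DEFAULT_CREDENTIALS.get((asset.vendor.lower(), asset.model.lower()), set())
    return asset.password in defaults


def is_trivial_password(password: str) -> bool:
    """Heuristic for defaults the table does not list: shorter than eight
    characters, one repeated character ("1111"), or a straight digit run."""
    if len(password) < 8 or len(set(password)) == 1:
        return True
    digits = "0123456789"
    return password in digits or password in digits[::-1]


def is_internet_exposed(asset: Asset) -> bool:
    """Exposed means the management interface is enabled on an internet-facing path."""
    return asset.exposure == "internet" and asset.remote_admin


def audit(assets):
    """Return findings sorted worst-first.  Exposed + weak credential is the
    combination the report describes and ranks as critical."""
    findings = []
    for a in assets:
        exposed = is_internet_exposed(a)
        default = uses_default_password(a)
        weak = default or is_trivial_password(a.password)
        if exposed and weak:
            severity = "critical"
        elif exposed:
            severity = "high"
        elif weak:
            severity = "medium"
        else:
            continue  # nothing to report for this device
        issues = []
        if exposed:
            issues.append("remote management reachable from the internet")
        if default:
            issues.append("factory default password in use")
        elif weak:
            issues.append("trivial password")
        findings.append({"host": a.host, "severity": severity, "issues": issues})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["host"]))
    return findings


def summary(findings):
    """Count findings per severity for a dashboard or ticket."""
    counts = {s: 0 for s in SEVERITY_RANK}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


# Constructed inventory; hostnames and passwords are illustrative only.
SAMPLE_INVENTORY = [
    Asset("pump-plc-01", "Unitronics", "Vision", "1111", "internet", True),
    Asset("chem-dose-hmi", "ExampleVendor", "HMI-100", "Tr0ub4dor&3xample", "internet", True),
    Asset("filter-plc-02", "Unitronics", "Vision", "1111", "ot", False),
    Asset("scada-hist", "ExampleVendor", "HMI-100", "k9#Lp2$wQz7!m", "ot", False),
    Asset("lab-plc", "ExampleVendor", "HMI-100", "12345678", "corporate", False),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f['severity']:8} {f['host']:16} {'; '.join(f['issues'])}")
    print(summary(audit(SAMPLE_INVENTORY)))
```

The ordering matters more than the labels: the first line of the output is the device to fix today (take the management interface off the internet-facing path and change the credential), and the medium findings are the ones a change window can absorb. Extending the table for other vendors is the maintenance cost; the trivial-password heuristic is there so an unlisted model with "1111" still surfaces.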

AI

AI Companies Would Be Required To Disclose Copyrighted Training Data Under New Bill (theverge.com) 42

An anonymous reader quotes a report from The Verge: Two lawmakers filed a bill requiring creators of foundation models to disclose sources of training data so copyright holders know their information was taken. The AI Foundation Model Transparency Act -- filed by Reps. Anna Eshoo (D-CA) and Don Beyer (D-VA) -- would direct the Federal Trade Commission (FTC) to work with the National Institute of Standards and Technology (NIST) to establish rules for reporting training data transparency. Companies that make foundation models will be required to report sources of training data and how the data is retained during the inference process, describe the limitations or risks of the model, how the model aligns with NIST's planned AI Risk Management Framework and any other federal standards that might be established, and provide information on the computational power used to train and run the model. The bill also says AI developers must report efforts to "red team" the model to prevent it from providing "inaccurate or harmful information" around medical or health-related questions, biological synthesis, cybersecurity, elections, policing, financial loan decisions, education, employment decisions, public services, and vulnerable populations such as children.

The bill calls out the importance of training data transparency around copyright as several lawsuits have come out against AI companies alleging copyright infringement. It specifically mentions the case of artists against Stability AI, Midjourney, and DeviantArt (which was largely dismissed in October, according to VentureBeat), and Getty Images' complaint against Stability AI. The bill still needs to be assigned to a committee and discussed, and it's unclear if that will happen before the busy election campaign season starts. Eshoo and Beyer's bill complements the Biden administration's AI executive order, which helps establish reporting standards for AI models. The executive order, however, is not law, so if the AI Foundation Model Transparency Act passes, it will make transparency requirements for training data a federal rule.

Government

Biden Administration Unveils Hydrogen Tax Credit Plan To Jump-Start Industry (npr.org) 104

An anonymous reader quotes a report from NPR: The Biden administration released its highly anticipated proposal for doling out billions of dollars in tax credits to hydrogen producers Friday, in a massive effort to build out an industry that some hope can be a cleaner alternative to fossil fueled power. The U.S. credit is the most generous in the world for hydrogen production, Jesse Jenkins, a professor at Princeton University who has analyzed the U.S. climate law, said last week. The proposal -- which is part of Democrats' Inflation Reduction Act passed last year -- outlines a tiered system to determine which hydrogen producers get the most credits, with cleaner energy projects receiving more, and smaller, but still meaningful credits going to those that use fossil fuel to produce hydrogen.

Administration officials estimate the hydrogen production credits will deliver $140 billion in revenue and 700,000 jobs by 2030 -- and will help the U.S. produce 50 million metric tons of hydrogen by 2050. "That's equivalent to the amount of energy currently used by every bus, every plane, every train and every ship in the US combined," Energy Deputy Secretary David M. Turk said on a Thursday call with reporters to preview the proposal. [...] As part of the administration's proposal, firms that produce cleaner hydrogen and meet prevailing wage and registered apprenticeship requirements stand to qualify for a large incentive at $3 per kilogram of hydrogen. Firms that produce hydrogen using fossil fuels get less. The credit ranges from $0.60 to $3 per kilo, depending on whole lifecycle emissions.

One contentious issue in the proposal was how to deal with the fact that clean, electrolyzer hydrogen draws tremendous amounts of electricity. Few want that to mean that more coal or natural gas-fired power plants run extra hours. The guidance addresses this by calling for producers to document their electricity usage through "energy attribute certificates" -- which will help determine the credits they qualify for. Rachel Fakhry, policy director for emerging technologies at the Natural Resources Defense Council, called the proposal "a win for the climate, U.S. consumers, and the budding U.S. hydrogen industry." The Clean Air Task Force likewise called the proposal "an excellent step toward developing a credible clean hydrogen market in the United States."

Crime

Teen GTA VI Hacker Sentenced To Indefinite Hospital Order (theverge.com) 77

Emma Roth reports via The Verge: The 18-year-old Lapsus$ hacker who played a critical role in leaking Grand Theft Auto VI footage has been sentenced to life inside a hospital prison, according to a report from the BBC. A British judge ruled on Thursday that Arion Kurtaj is a high risk to the public because he still wants to commit cybercrimes.

In August, a London jury found that Kurtaj carried out cyberattacks against GTA VI developer Rockstar Games and other companies, including Uber and Nvidia. However, since Kurtaj has autism and was deemed unfit to stand trial, the jury was asked to determine whether he committed the acts in question, not whether he did so with criminal intent. During Thursday's hearing, the court heard Kurtaj "had been violent while in custody with dozens of reports of injury or property damage," the BBC reports. A mental health assessment also found that Kurtaj "continued to express the intent to return to cybercrime as soon as possible." He's required to stay in the hospital prison for life unless doctors determine that he's no longer a danger.

Kurtaj leaked 90 videos of GTA VI gameplay footage last September while out on bail for hacking Nvidia and British telecom provider BT / EE. Although he stayed at a hotel under police protection during this time, Kurtaj still managed to carry out an attack on Rockstar Games by using the room's included Amazon Fire Stick and a "newly purchased smart phone, keyboard and mouse," according to a separate BBC report. Kurtaj was arrested for the final time following the incident. Another 17-year-old involved with Lapsus$ was handed an 18-month community sentence, called a Youth Rehabilitation Order, and a ban from using virtual private networks.

Robotics

Massachusetts Lawmakers Mull 'Killer Robot' Bill (techcrunch.com) 14

An anonymous reader quotes a report from TechCrunch, written by Brian Heater: Back in mid-September, a pair of Massachusetts lawmakers introduced a bill "to ensure the responsible use of advanced robotic technologies." What that means in the simplest and most direct terms is legislation that would bar the manufacture, sale and use of weaponized robots. It's an interesting proposal for a number of reasons. The first is a general lack of U.S. state and national laws governing such growing concerns. It's one of those things that has felt like science fiction to such a degree that many lawmakers had no interest in pursuing it in a pragmatic manner. [...] Earlier this week, I spoke about the bill with Massachusetts state representative Lindsay Sabadosa, who filed it alongside Massachusetts state senator Michael Moore.

What is the status of the bill?
We're in an interesting position, because there are a lot of moving parts with the bill. The bill has had a hearing already, which is wonderful news. We're working with the committee on the language of the bill. They have had some questions about why different pieces were written as they were written. We're doing that technical review of the language now -- and also checking in with all stakeholders to make sure that everyone who needs to be at the table is at the table.

When you say "stakeholders" ...
Stakeholders are companies that produce robotics. The robot Spot, which Boston Dynamics produces, and other robots as well, are used by entities like Boston Police Department or the Massachusetts State Police. They might be used by the fire department. So, we're talking to those people to run through the bill, talk about what the changes are. For the most part, what we're hearing is that the bill doesn't really change a lot for those stakeholders. Really the bill is to prevent regular people from trying to weaponize robots, not to prevent the very good uses that the robots are currently employed for.

Does the bill apply to law enforcement as well?
We're not trying to stop law enforcement from using the robots. And what we've heard from law enforcement repeatedly is that they're often used to deescalate situations. They talk a lot about barricade situations or hostage situations. Not to be gruesome, but if people are still alive, if there are injuries, they say it often helps to deescalate, rather than sending in officers, which we know can often escalate the situation. So, no, we wouldn't change any of those uses. The legislation does ask that law enforcement get warrants for the use of robots if they're using them in place of when they would send in a police officer. That's pretty common already. Law enforcement has to do that if it's not an emergency situation. We're really just saying, "Please follow current protocol. And if you're going to use a robot instead of a human, let's make sure that protocol is still the standard."

I'm sure you've been following the stories out of places like San Francisco and Oakland, where there's an attempt to weaponize robots. Is that included in this?
We haven't had law enforcement weaponize robots, and no one has said, "We'd like to attach a gun to a robot" from law enforcement in Massachusetts. I think because of some of those past conversations there's been a desire to not go down that route. And I think that local communities would probably have a lot to say if the police started to do that. So, while the legislation doesn't outright ban that, we are not condoning it either.

Representative Sabadosa said Boston Dynamics "sought us out" and is "leading the charge on this."

"I'm hopeful that we will be the first to get the legislation across the finish line, too," added Rep. Sabadosa. "We've gotten thank-you notes from companies, but we haven't gotten any pushback from them. And our goal is not to stifle innovation. I think there's lots of wonderful things that robots will be used for. [...]"

You can read the full interview here.

Privacy

UK Police To Be Able To Run Face Recognition Searches on 50 Million Driving Licence Holders (theguardian.com) 24

The police will be able to run facial recognition searches on a database containing images of Britain's 50 million driving licence holders under a law change being quietly introduced by the government. From a report: Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving licence records for a match. The move, contained in a single clause in a new criminal justice bill, could put every driver in the country in a permanent police lineup, according to privacy campaigners.

Facial recognition searches match the biometric measurements of an identified photograph, such as that contained on driving licences, to those of an image picked up elsewhere. The intention to allow the police or the National Crime Agency (NCA) to exploit the UK's driving licence records is not explicitly referenced in the bill or in its explanatory notes, raising criticism from leading academics that the government is "sneaking it under the radar." Once the criminal justice bill is enacted, the home secretary, James Cleverly, must establish "driver information regulations" to enable the searches, but he will need only to consult police bodies, according to the bill.

AI

Rite Aid Banned From Using Facial Recognition Software 60

An anonymous reader quotes a report from TechCrunch: Rite Aid has been banned from using facial recognition software for five years, after the Federal Trade Commission (FTC) found that the U.S. drugstore giant's "reckless use of facial surveillance systems" left customers humiliated and put their "sensitive information at risk." The FTC's Order (PDF), which is subject to approval from the U.S. Bankruptcy Court after Rite Aid filed for Chapter 11 bankruptcy protection in October, also instructs Rite Aid to delete any images it collected as part of its facial recognition system rollout, as well as any products that were built from those images. The company must also implement a robust data security program to safeguard any personal data it collects.

A Reuters report from 2020 detailed how the drugstore chain had secretly introduced facial recognition systems across some 200 U.S. stores over an eight-year period starting in 2012, with "largely lower-income, non-white neighborhoods" serving as the technology testbed. With the FTC's increasing focus on the misuse of biometric surveillance, Rite Aid fell firmly in the government agency's crosshairs. Among its allegations are that Rite Aid -- in partnership with two contracted companies -- created a "watchlist database" containing images of customers that the company said had engaged in criminal activity at one of its stores. These images, which were often poor quality, were captured from CCTV or employees' mobile phone cameras.

When a customer entered a store who supposedly matched an existing image on its database, employees would receive an automatic alert instructing them to take action -- and the majority of the time this instruction was to "approach and identify," meaning verifying the customer's identity and asking them to leave. Often, these "matches" were false positives that led to employees incorrectly accusing customers of wrongdoing, creating "embarrassment, harassment, and other harm," according to the FTC. "Employees, acting on false positive alerts, followed consumers around its stores, searched them, ordered them to leave, called the police to confront or remove consumers, and publicly accused them, sometimes in front of friends or family, of shoplifting or other wrongdoing," the complaint reads. Additionally, the FTC said that Rite Aid failed to inform customers that facial recognition technology was in use, while also instructing employees to specifically not reveal this information to customers.

In a press release, Rite Aid said that it was "pleased to reach an agreement with the FTC," but that it disagreed with the crux of the allegations.

"The allegations relate to a facial recognition technology pilot program the Company deployed in a limited number of stores," Rite Aid said in its statement. "Rite Aid stopped using the technology in this small group of stores more than three years ago, before the FTC's investigation regarding the Company's use of the technology began."
