A bipartisan group of 12 senators has urged the TSA inspector general to investigate the agency's use of facial recognition technology, citing concerns over privacy, civil liberties, and its expansion to over 430 airports without sufficient safeguards or proven effectiveness. Gizmodo reports: "This technology will soon be in use at hundreds of major and mid-size airports without an independent evaluation of the technology's precision or an audit of whether there are sufficient safeguards in place to protect passenger privacy," the senators wrote. The letter was signed by Jeffrey Merkley (D-OR), John Kennedy (R-LA), Ed Markey (D-MA), Ted Cruz (R-TX), Roger Marshall (R-Kansas), Ron Wyden (D-OR), Steve Daines (R-MT), Elizabeth Warren (D-MA), Bernie Sanders (I-VT), Cynthia Lummis (R-WY), Chris Van Hollen (D-MD), and Peter Welch (D-VT).

While the TSA's facial recognition program is currently optional and only in a few dozen airports, the agency announced in June that it plans to expand the technology to more than 430 airports. And the senators' letter quotes a talk given by TSA Administrator David Pekoske in 2023 in which he said "we will get to the point where we require biometrics across the board." [...] The latest letter urges the TSA's inspector general to evaluate the agency's facial recognition program to determine whether it's resulted in a meaningful reduction in passenger delays, assess whether it's prevented anyone on no-fly lists from boarding a plane, and identify how frequently it results in identity verification errors.

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

A U.S. federal appeals court ruled that sanctions against Tornado Cash, a crypto transaction anonymization service, must be abandoned, stating that its immutable smart contracts do not constitute "property" under U.S. law and that the Treasury overstepped its authority. The ruling is available here (PDF). CoinDesk reports: The decision answers a controversial privacy debate on whether the government -- via a sanctions list maintained by the U.S. Treasury Department -- has a right to target the technology because it's associated with criminals. The ruling reversed a district court's August ruling that had sided with the government's pursuit of what it had characterized as a "notorious" crypto-mixing service.

OFAC had sanctioned Tornado Cash last year, contending that it was a vital tool used by bad actors including North Korea's Lazarus Group to launder crypto tokens pilfered from platforms and games such as Axie Infinity. Coinbase (COIN) and others had sued the government, claiming it had overreached. Paul Grewal, chief legal officer of crypto exchange Coinbase, cheered the ruling in a Tuesday post on X, calling it a "historic win for crypto." "These smart contracts must now be removed from the sanctions list and U.S. persons will once again be allowed to use this privacy-protecting protocol," Grewal wrote. "Put another way, the government's overreach will not stand." "We readily recognize the real-world downsides of certain uncontrollable technology falling outside of OFAC's sanctioning authority," the judges said, referencing the ineffectiveness of a law that was established well before the world moved online. "But we must uphold the statutory bargain struck (or mis-struck) by Congress, not tinker with it."

Tornado Cash's TORN token has since rallied 500%, passing the $20 mark.

The FTC has opened a broad antitrust investigation into Microsoft, including of its software licensing and cloud computing business. Bloomberg first reported the news. Reuters reports: The probe was approved by FTC Chair Lina Khan ahead of her likely departure in January. The election of Donald Trump as U.S. president and the expectation he will appoint a fellow Republican with a softer approach toward business, leaves the outcome of the investigation up in the air.

The FTC is examining allegations that the software giant is potentially abusing its market power in productivity software by imposing punitive licensing terms to prevent customers from moving their data from its Azure cloud service to other competitive platforms, sources confirmed earlier this month. The FTC is also looking at practices related to cybersecurity and artificial intelligence products, the source said on Wednesday.

A piracy ring that gave 22 million subscribers in Europe cheap access to content stolen from international streaming services has been shut down by Italian authorities after a two-year investigation. From a report: The criminal enterprise used a complex international IT system to "capture and resell" live programming and other on-demand content from companies including sports broadcaster DAZN, Netflix, Amazon Prime, Paramount, Sky and Disney+, prosecutors said in a statement on Wednesday.

Authorities estimate the operation generated revenues of roughly $264.3 million a month [non-paywalled link], or $3.2 billion a year, and caused combined damages of more than $10.6 billion to the affected broadcast companies. "The rate of profit you get from these illegal activities with lower risk is equivalent to that of cocaine trafficking," Francesco Curcio, the criminal prosecutor who led the investigation, told reporters.

An anonymous reader quotes a report from TechCrunch: Security researchers have uncovered two previously unknown zero-day vulnerabilities that are being actively exploited by RomCom, a Russian-linked hacking group, to target Firefox browser users and Windows device owners across Europe and North America. RomCom is a cybercrime group that is known to carry out cyberattacks and other digital intrusions for the Russian government. The group -- which was last month linked to a ransomware attack targeting Japanese tech giant Casio -- is also known for its aggressive stance against organizations allied with Ukraine, which Russia invaded in 2014.

Researchers with security firm ESET say they found evidence that RomCom combined use of the two zero-day bugs -- described as such because the software makers had no time to roll out fixes before they were used to hack people -- to create a "zero click" exploit, which allows the hackers to remotely plant malware on a target's computer without any user interaction. "This level of sophistication demonstrates the threat actor's capability and intent to develop stealthy attack methods," ESET researchers Damien Schaeffer and Romain Dumont said in a blog post on Monday. [...] Schaeffer told TechCrunch that the number of potential victims from RomCom's "widespread" hacking campaign ranged from a single victim per country to as many as 250 victims, with the majority of targets based in Europe and North America. Mozilla and the Tor Project quickly patched a Firefox-based vulnerability after being alerted by ESET, with no evidence of Tor Browser exploitation. Meanwhile, Microsoft addressed a Windows vulnerability on November 12 following a report by Google's Threat Analysis Group, indicating potential use in government-backed hacking campaigns.

An anonymous reader quotes a report from the New York Times: The founder of an artificial intelligence start-up focused on education was arrested and charged with defrauding her investors, lying about the company's profits and falsely claiming that some of the largest school districts in the country, including New York City's, were her customers. The founder, Joanna Smith-Griffin, started the company, AllHere Education, in 2016, with the goal of using artificial intelligence to increase student and parent engagement and curb absenteeism. In the years that followed, Ms. Smith-Griffin, 33, misrepresented AllHere's revenue and customer base to fraudulently raise almost $10 million in funds, according to the indictment. Once the company's valuation had climbed, she sold some of her stake in it and spent hundreds of thousands of dollars on a down payment for a new home and on her wedding.

Ms. Smith-Griffin was arrested Tuesday in North Carolina, where she lives, and charged with wire fraud, securities fraud and aggravated identity theft. She faces more than 40 years in prison. AllHere is now in bankruptcy proceedings, prosectors said, and all of its employees have been laid off. "Her alleged actions impacted the potential for improved learning environments across major school districts by selfishly prioritizing personal expenses," said James E. Dennehy, the F.B.I. assistant director in New York leading the investigation into Ms. Smith-Griffin. "The F.B.I. will ensure that any individual exploiting the promise of educational opportunities for our city's children will be taught a lesson." Smith-Griffin is the latest Forbes 30 Under 30 honoree to be indicted on fraud. "The Forbes-to-Fraud pipeline includes FTX founder Sam Bankman-Fried and Caroline Ellison, co-CEO of Alameda Research; fintech Frank founder Charlie Javice; and 'Pharma bro' Martin Shkreli," notes TechCrunch.

Interpol arrested 1,006 suspects in Africa during a massive two-month operation, clamping down on cybercrime that left tens of thousands of victims, including some who were trafficked, and produced millions in financial damages, the global police organization said Tuesday. From a report: Operation Serengeti, a joint operation with Afripol, the African Union's police agency, ran from Sept. 2 to Oct. 31 in 19 African countries and targeted criminals behind ransomware, business email compromise, digital extortion and online scams, the agency said in a statement.

Blue Yonder, a Panasonic subsidiary specializing in AI-driven supply chain solutions, experienced a recent ransomware attack that impacted many of its customers. "Among its 3,000 customers are high-profile organizations like DHL, Renault, Bayer, Morrisons, Nestle, 3M, Tesco, Starbucks, Ace Hardware, Procter & Gamble, Sainsbury, and 7-Eleven," reports BleepingComputer. From the report: On Friday, the company warned that it was experiencing disruptions to its managed services hosting environment due to a ransomware incident that occurred the day before, on November 21. "On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident," reads the announcement. "Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols."

Blue Yonder claims it has detected no suspicious activity in its public cloud environment and is still processing multiple recovery strategies. [...] As expected, this has impacted clients directly, as a spokesperson for UK grocery store chain Morrisons has confirmed to the media they have reverted to a slower backup process. Sainsbury told CNN that it had contingency plans in place to overcome the disruption. A Saturday update informed customers that the restoration of the impacted services continued, but no specific timelines for complete restoration could be shared yet. Another update published on Sunday reiterated the same, urging clients to monitor the customer update page on Blue Yonder's website over the coming days.

The U.S. is preparing to impose new sanctions targeting 200 Chinese chipmakers and potentially restricting the export of High Bandwidth Memory (HBM). The move is intended to further hinder China's semiconductor and AI advancements. Tom's Hardware reports: The update sheds light on the Biden administration's recent efforts to impose stricter regulations on chip manufacturers in China. The latest swarm of sanctions reportedly targets roughly 200 Chinese firms. US companies are prohibited from exporting select technologies or products to the targeted firms. The report suggests that the US Department of Commerce aims to push these new regulations before the Thanksgiving break - or November 28. Neither the Department of Commerce nor the Chamber of Commerce responded to Reuters' request for comments.

Moreover, another wave of sanctions is set to follow in December - targeting the export of HBM (High Bandwidth Memory) - primarily to choke China's advance in the AI domain. The impacts of these restrictions are materializing given that Huawei's Kirin SoCs and Ascend AI accelerators will reportedly remain stuck at 7nm technology until 2026 as SMIC fails to procure cutting-edge Extreme Ultraviolet (EUV) machines from ASML.

A new bill introduced by Sen. Peter Welch (D-Vt) aims to make it easier for human creators to find out if their work was used without permission to train artificial intelligence. NBC News reports: The Transparency and Responsibility for Artificial Intelligence Networks (TRAIN) Act would enable copyright holders to subpoena training records of generative AI models, if the holder can declare a "good faith belief" that their work was used to train the model. The developers would only need to reveal the training material that is "sufficient to identify with certainty" whether the copyright holder's works were used. Failing to comply would create a legal assumption -- until proven otherwise -- that the AI developer did indeed use the copyrighted work. [...]

In a news release, Welch said the TRAIN Act has been endorsed by several organizations -- including the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA), the American Federation of Musicians, and the Recording Academy -- as well as major music labels -- including Universal Music Group, Warner Music Group and Sony Music Group.

An anonymous reader quotes a report from Ars Technica: The Supreme Court signaled it may take up a case that could determine whether Internet service providers must terminate users who are accused of copyright infringement. In an order (PDF) issued today, the court invited the Department of Justice's solicitor general to file a brief "expressing the views of the United States."

In Sony Music Entertainment v. Cox Communications, the major record labels argue that cable provider Cox should be held liable for failing to terminate users who were repeatedly flagged for infringement based on their IP addresses being connected to torrent downloads. There was a mixed ruling at the US Court of Appeals for the 4th Circuit as the appeals court affirmed a jury's finding that Cox was guilty of willful contributory infringement but reversed a verdict on vicarious infringement "because Cox did not profit from its subscribers' acts of infringement." That ruling vacated a $1 billion damages award and ordered a new damages trial. Cox and Sony are both seeking a Supreme Court review. Cox wants to overturn the finding of willful contributory infringement, while Sony wants to reinstate the $1 billion verdict.

The Supreme Court asking for US input on Sony v. Cox could be a precursor to the high court taking up the case. For example, the court last year asked the solicitor general to weigh in on Texas and Florida laws that restricted how social media companies can moderate their platforms. The court subsequently took up the case and vacated lower-court rulings, making it clear that content moderation is protected by the First Amendment.

Some days more than half of California's available solar power goes to waste, according to research from the California Institute for Energy and Environment. "In the last 12 months, California's solar farms have curtailed production of more than 3 million megawatt hours of solar energy," according to a data analysis by the Los Angeles Times — enough to power 518,000 California homes for a year.

And it was curtailed "either on the orders of the state's grid operator or because prices had plummeted because of the glut. The waste would have been even larger if California had not paid utilities in other states to take the excess solar energy, documents from the state's grid operator show." That means green energy paid for by California electricity customers is sent away, lowering bills for residents of other states. Arizona's largest public utility reaped $69 million in savings last year by buying from the market California created to get rid of its excess solar power. The utility returned that money to its customers as a credit on their bills. Also reaping profits are electricity traders, including banks and hedge funds. The increasing oversupply of solar power has created a situation where energy traders can buy the excess at prices so low they become negative, said energy consultant Gary Ackerman, the former executive director of the Western Power Trading Forum. That means the solar plant is paying the traders to take it. "This is all being underwritten by California ratepayers," Ackerman said...

The solar glut also means higher electricity bills for Californians, since they are effectively paying to generate the power but not using it. California's electric rates are roughly twice the nation's average, with only Hawaii having higher rates. Rates at Southern California Edison and Pacific Gas & Electric increased by 51% over the last three years. "Ratepayers aren't getting the energy they've paid for," said Ron Miller, an energy industry consultant in Denver. He calculates that the retail value of the solar energy thrown away in a year would be more than $1 billion.

Gov. Gavin Newsom's advisors and those who manage the state's electric grid say they are working to reduce the curtailments, including by building more industrial-scale battery storage facilities that soak up the excess solar power during the day and then release it at night. Officials in the governor's office declined to be interviewed, but issued a statement saying the curtailments are often because of congestion on transmission lines, rather than a statewide oversupply of power. The state has been spending heavily to upgrade transmission lines to ease the congestion. "It's also important to have extra energy resources available that can help the state during periods of extreme weather and historic heatwaves when demand is particularly high, which have happened the past few years," the statement said...

The commercial solar industry contends that the expansion of storage capacity to bank solar power will eventually eliminate the glut.

"At points there was fear the talks would implode, as groups representing vulnerable small island states and the least-developed countries walked out of negotiations Saturday," according to a new report from CNN.

But after weeks of international climate talks at COP29, "the world agreed to a new climate deal... "with wealthy countries pledging to provide $300 billion annually by 2035 to poorer countries to help them cope with the increasingly catastrophic impacts of the climate crisis." The amount pledged, however, falls far short of the $1.3 trillion economists say is needed to help developing countries cope with a climate crisis they have done least to cause — and there has been a furious reaction from many developing countries. a fiery speech immediately after the gavel went down, India's representative Chandni Raina slammed the $300 billion as "abysmally poor" and a "paltry sum," calling the agreement "nothing more than an optical illusion" and unable to "address the enormity of the challenge we all face."

Others were equally damning in their criticism. We are leaving with a small portion of the funding climate-vulnerable countries urgently need," said Tina Stege, Marshall Islands climate envoy. Stege heavily criticized the talks as showing the "very worst of political opportunism." Fossil fuel interests "have been determined to block progress and undermine the multilateral goals we've worked to build," she said in a statement...

There was also a push for richer emerging economies such as China and Saudi Arabia to contribute to the climate funding package, but the agreement only "encourages" developing countries to make voluntary contributions, and places no obligations on them... Saudi Arabia, the world's top oil exporter, which has pushed against ambitious action at past climate summits, seemed even more emboldened in Baku, publicly and explicitly rejecting any reference to oil, coal and gas in the deal.
The package "is also being criticised as short-sighted from the richer world's perspective," notes the BBC: The argument runs that if you want to keep the world safe from rising temperatures, then wealthier nations need to help emerging economies cut their emissions, because that is where 75% of the growth in emissions has occurred in the past decade.
But "Delegations more optimistic about the agreement said this deal is headed in the right direction," writes the Associated Press, "with hopes that more money flows in the future." The text included a call for all parties to work together using "all public and private sources" to get closer to the $1.3 trillion per year goal by 2035. That means also pushing for international mega-banks, funded by taxpayer dollars, to help foot the bill. And it means, hopefully, that companies and private investors will follow suit on channeling cash toward climate action. The agreement is also a critical step toward helping countries on the receiving end create more ambitious targets to limit or cut emissions of heat-trapping gases.

On November 24th, 1971 — 53 years ago today — a mysterious man jumped out of an airplane clutching $200,000 in ransom money. (He'd extorted it from the airline by claiming he had a bomb, and it's still "the only unsolved case of air piracy in the history of commercial aviation," according to Wikipedia.) Will modern technology finally let us solve the case — or just turn it into a miniseries on Netflix? And have online researchers finally discovered the definitive clue?

The FBI vetted more than 800 suspects, according to the Wyoming news site Cowboy State Daily, but in 2016 announced they were suspending their active investigation.

So it's newsworthy that the FBI now appears to be investigating new evidence, according to an amateur D.B. Cooper researcher on YouTube: the discovery of what's believed to be D.B. Cooper's uniquely-modified parachute: Retired pilot, skydiver and YouTuber, Dan Gryder told Cowboy State Daily that he may have found the missing link after uncovering the modified military surplus bailout rig he believes was used by D.B. Cooper in the heist. It belonged to Richard Floyd McCoy II, and was carefully stored in his deceased mother's storage stash until very recently... McCoy's children, Chanté and Richard III, or "Rick," agree with Gryder that they believe their father was D.B. Cooper, a secret that shrouded the family but wasn't overtly discussed. For years, they said, the family stayed mum out of fear of implicating their mother, Karen, whom they believe was complicit in both hijackings. Upon her death in 2020, they broke their silence to Gryder after being contacted by him off and on for years.

Gryder, who has been researching the case for more than 20 years, documented his investigation in a lengthy two-part series on his YouTube channel, "Probable Cause," in 2021 and 2022, where he connects the dots and shows actual footage of him finding the parachute in an outbuilding on the McCoy family property in North Carolina in July 2022. On Monday, Gryder released a third video, "D.B. Cooper: Deep FBI Update," where he announced the FBI's new and very recent efforts in his discoveries. After watching his first two videos, Gryder said FBI agents contacted Rick and Gryder to see the parachute. It was the first investigative move by the agency since issuing the 2016 public statement, declaring the case closed pending new evidence. Gryder and Rick McCoy traveled to Richmond, Virginia, in September 2023, where they met with FBI agents, who took the harness and parachute into evidence along with a skydiving logbook found by Chanté that aligned with the timeline for both hijackings, providing another vital piece in the puzzle, Gryder said....

During the meeting, Gryder said the agents called it a first step. If the evidence proved fruitless, they would have promptly returned the skydiving rig, he said, but that didn't happen. Instead, an FBI agent called Rick a month later to ask to search the family property in Cove City, North Carolina, which McCoy's mother owned and where Gryder had found the parachute and canopy... [Gryder says he watched] at least seven vehicles descend on the property with more than a dozen agents who scoured the property for about four hours... Rick said he has provided a DNA sample and was told by the FBI agents that the next step might be exhuming his father's body, but no formal terms and conditions for that process have been established thus far, he said.
A retired commercial airline pilot who was present in the Virginia FBI meeting said "It was clear they were taking it seriously" — noting it was the FBI who'd requested that meeting. The article cites two FBI agents who'd earlier already believed D.B. Cooper was McCoy. And the article points out that the FBI "has never ruled McCoy out, stating in a 2006 statement that he was 'still a favorite suspect among many.'"

A second article notes that Gryder supports the FBI's recent request to exhume McCoy's body. As he sees it, "The existing DNA marker comparisons studied so far only validate the need for this final extreme step and should close the mystery once and for all."

And the article adds that McCoy's children are "eager for closure and hope that the FBI finds the evidence agents need to close the D.B. Cooper case once and for all."

America's Justice Department "has ordered all consensual searches by drug enforcement agents conducted at the nation's airports stopped," reports Georgia's local TV station Atlanta News First — after their series of investigations "uncovered how the agents often search innocent passengers at airport gates, looking for cash." On Thursday, the department made public a November 12, 2024, directive from the deputy attorney general to the U.S. Drug Enforcement Administration (DEA) that it suspend "all consensual encounters at mass transportation facilities unless they are either connected to an ongoing, predicated investigation involving one or more identified targets or criminal networks or approved by the DEA Administrator based on exigent circumstances." The management advisory memorandum was issued by DOJ Inspector General Michael Horowitz.

The memo specifically mentioned the case of an airline passenger interviewed by Atlanta News First Chief Investigator Brendan Keefe, author of the Atlanta News First investigation, In Plane Sight. The award-winning series uncovered how drug agents have been seizing anything over $5,000 if airline passengers can't prove — on the spot — that their own money didn't come from drug trafficking. The government seizes the cash when no drugs are found, without arresting the traveler or charging them with a crime, and the DEA gets to keep the money it seizes.

After witnessing the Atlanta News First series, the passenger in question — who was departing from Cincinnati and heading to New York, where he lives — refused consent to have his bags searched at the gate... "The DOJ Office of the Inspector General (OIG) further learned that the DEA Task Force Group selected this traveler for the encounter based on information provided by a DEA confidential source, who was an employee of a commercial airline, about travelers who had purchased tickets within 48 hours of the travel," the memo said. "The OIG learned that the DEA had been paying this employee a percentage of forfeited cash seized by the DEA office from passengers at the local airport when the seizure resulted from information the employee had provided to the DEA. The employee had received tens of thousands of dollars from the DEA over the past several years."
The news station's investigation "also revealed passengers selected for what the government calls 'random, consensual encounters' are actually profiled by the drug agents who search Black men far more often than any other group of passengers," according to the article.

"The reports analyzed data showing that, for drug agents to find just one passenger with money, they have to publicly search 10 departing passengers."

NBC News reports that a newly identified chemical byproduct "may be present in drinking water in about a third of U.S. homes, a study found."

"Scientists do not yet know whether the byproduct is dangerous. But some are worried that it could have toxic properties because of similarities to other chemicals of concern." The newly identified substance, named "chloronitramide anion," is produced when water is treated with chloramine, a chemical formed by mixing chlorine and ammonia. Chloramine is often used to kill viruses and bacteria in municipal water treatment systems. Researchers said the existence of the byproduct was discovered about 40 years ago, but it was only identified now because analysis techniques have improved, which finally enabled scientists to determine the chemical's structure.

It could take years to figure out whether chloronitramide anion is dangerous — it's never been studied. The researchers reported their findings Thursday in the journal Science, in part to spur research to address safety concerns. The scientists said they have no hard evidence to suggest that the compound represents a danger, but that it bears similarities to other chemicals of concern. They think it deserves scrutiny because it's been detected so widely...

David Reckhow, a research professor in civil and environmental engineering at the University of Massachusetts, Amherst, who was not involved with the study, said the finding was an important step. The ultimate goal, he said, is understanding whether the substance is a hazard; he concurred that it was likely toxic. "It's a pretty small molecule and it can probably for that reason enter into biological systems and into cells. And it is still a reactive molecule," he said. "Those are the kinds of things you worry about."
"It's estimated more than 113 million people drink chloraminated processed water in the U.S.," according to a follow-up article by ABC News.

But they also include this quote from Dr. Stephanie Widmer, a board-certified medical toxicologist and emergency medicine physician. "The reality is that no one really knows too much about this chloronitramide and its impact on human health, and more research needs to be done. These disinfecting chemicals have been giving us clean drinking water for decades, so no reason to fear drinking water as a result of this study." Although ABC News tacks on this sentence.

"The study authors suggest, in general, adding a carbon filter to a sink or a standalone pitcher may be a good option for those concerned."

Thanks to long-time Slashdot reader Greymane for sharing the news.

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress.

Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington.

That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads.
The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

An anonymous reader shared this report from CNET: Meta says it's taken down more than 2 million accounts this year linked to overseas criminal gangs behind scam operations that human rights activists say forced hundreds of thousands of people to work as scammers and cost victims worldwide billions of dollars.

In a Thursday blog post, the parent of Facebook, Instagram and WhatsApp says the pig butchering scam operations — based in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines — use platforms like Facebook and Instagram; dating, messaging, crypto and other kinds of apps; and texts and emails, to globally target people... [T]he scammers strike up an online relationship with their victims and gain their trust. Then they move their conversations to crypto apps or scam websites and dupe victims into making bogus investments or otherwise handing over their money, Meta said. They'll ask the victims to deposit money, often in the form of cryptocurrency, into accounts, sometimes even letting the victims make small withdrawals, in order to add a veneer of legitimacy. But once the victim starts asking for their investment back, or it becomes clear they don't have any more money to deposit, the scammer disappears and takes the money with them.

And the people doing the scamming are often victims themselves. During the COVID-19 pandemic, criminal gangs began building scam centers in Southeast Asia, luring in often unsuspecting job seekers with what looked like amazing postings on local job boards and other platforms, then forcing them to work as scammers, often under the threat of physical harm. The scope of what's become a global problem is staggering. In a report issued in May, the US Institute of Peace estimates that at least 300,000 people are being forced to work, or are otherwise suffering human rights violations, inside these scam centers. The report also estimates global financial losses stemming from the scams at $64 billion in 2023, with the number of financial victims in the millions.

Meta says it has focused on investigating and disrupting the scam operations for more than two years, working with nongovernmental organizations and other tech companies, like OpenAI, Coinbase and dating-app operator Match Group, along with law enforcement in both the US and the countries where the centers are located.
Meta titled its blog post "Cracking Down On Organized Crime Behind Scam Centers," writing "We hope that sharing our insights will help inform our industry's defenses so we can collectively help protect people from criminal scammers."

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.

The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.

Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

"Steven Adair, of cybersecurity firm Veloxity, revealed at the Cyberwarcon security conference how Russian hackers were able to daisy-chain as many as three separate Wi-Fi networks in their efforts to attack victims," writes Longtime Slashdot reader smooth wombat. Wired reports: Adair says that Volexity first began investigating the breach of its DC customer's network in the first months of 2022, when the company saw signs of repeated intrusions into the customer's systems by hackers who had carefully covered their tracks. Volexity's analysts eventually traced the compromise to a hijacked user's account connecting to a Wi-Fi access point in a far end of the building, in a conference room with external-facing windows. Adair says he personally scoured the area looking for the source of that connection. "I went there to physically run down what it could be. We looked at smart TVs, looked for devices in closets. Is someone in the parking lot? Is it a printer?" he says. "We came up dry."

Only after the next intrusion, when Volexity managed to get more complete logs of the hackers' traffic, did its analysts solve the mystery: The company found that the hijacked machine which the hackers were using to dig around in its customer's systems was leaking the name of the domain on which it was hosted -- in fact, the name of another organization just across the road. "At that point, it was 100 percent clear where it was coming from," Adair says. "It's not a car in the street. It's the building next door." With the cooperation of that neighbor, Volexity investigated that second organization's network and found that a certain laptop was the source of the street-jumping Wi-Fi intrusion. The hackers had penetrated that device, which was plugged into a dock connected to the local network via Ethernet, and then switched on its Wi-Fi, allowing it to act as a radio-based relay into the target network. Volexity found that, to break into that target's Wi-Fi, the hackers had used credentials they'd somehow obtained online but had apparently been unable to exploit elsewhere, likely due to two-factor authentication.

Volexity eventually tracked the hackers on that second network to two possible points of intrusion. The hackers appeared to have compromised a VPN appliance owned by the other organization. But they had also broken into the organization's Wi-Fi from another network's devices in the same building, suggesting that the hackers may have daisy-chained as many as three networks via Wi-Fi to reach their final target. "Who knows how many devices or networks they compromised and were doing this on," says Adair. Volexity had presumed early on in its investigation that the hackers were Russian in origin due to their targeting of individual staffers at the customer organization focused on Ukraine. Then in April, fully two years after the original intrusion, Microsoft warned of a vulnerability in Windows' print spooler that had been used by Russia's APT28 hacker group -- Microsoft refers to the group as Forest Blizzard -- to gain administrative privileges on target machines. Remnants left behind on the very first computer Volexity had analyzed in the Wi-Fi-based breach of its customer exactly matched that technique. "It was an exact one-to-one match," Adair says.

An anonymous reader quotes a report from Reuters: Google has sued one of its former engineers in Texas federal court, accusing him of stealing trade secrets related to its chip designs and sharing them publicly on the internet. The lawsuit, filed on Tuesday (PDF), said that Harshit Roy "touted his dominion" over the secrets in social media posts, tagging competitors and making threatening statements to the company including "I need to take unethical means to get what I am entitled to" and "remember that empires fall and so will you."

Google hired Roy in 2020 to develop computer chips used in Google Pixel devices like smartphones. Google said in the lawsuit that Roy resigned in February and moved from Bangalore, India to the United States in August to attend a doctorate program at the University of Texas at Austin. According to the complaint, Roy began posting confidential Google information to his X account later that month along with "subversive text" directed at the company, such as "don't expect me to adhere to any confidentiality agreement." The posts included photographs of internal Google documents with specifications for Pixel processing chips.

The lawsuit said that Roy ignored Google's takedown requests and has posted additional trade secrets to X and LinkedIn since October. Google alleged that Roy tagged competitors Apple and Qualcomm in some of the posts, "presumably to maximize the potential harm of his disclosure." Google's complaint also said that several news outlets have published stories with confidential details about Google's devices based on the information that Roy leaked. Google asked the court for an unspecified amount of monetary damages and court orders blocking Roy from using or sharing its secrets.

Netflix is looking toward Discord for help in figuring out who, exactly, is leaking unreleased footage from some of its popular shows. From a report: The Northern District of California court issued a subpoena on Thursday to compel Discord to share information that can help identify a Discord user who's reportedly involved in leaking episodes and images from Netflix shows like Arcane and Squid Game.

Documents filed alongside the subpoena specifically call out an unreleased and copyrighted image from the second season of Squid Game, posted by a Discord user @jacejohns4n. In an interview linked on the user's now deleted X account, published on Telegram, the leaker claimed responsibility for the self-described "worst leak in streaming history," where episodes of Arcane, Heartstopper, Dandadan, Terminator Zero, and other shows were published online. Netflix confirmed in August that a post production studio was hacked.

The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

An anonymous reader quotes a report from Ars Technica: A federal court yesterday ruled against parents who sued a Massachusetts school district for punishing their son who used an artificial intelligence tool to complete an assignment. Dale and Jennifer Harris sued Hingham High School officials and the School Committee and sought a preliminary injunction requiring the school to change their son's grade and expunge the incident from his disciplinary record before he needs to submit college applications. The parents argued that there was no rule against using AI in the student handbook, but school officials said the student violated multiple policies.

The Harris' motion for an injunction was rejected in an order (PDF) issued yesterday from US District Court for the District of Massachusetts. US Magistrate Judge Paul Levenson found that school officials "have the better of the argument on both the facts and the law."

"On the facts, there is nothing in the preliminary factual record to suggest that HHS officials were hasty in concluding that RNH [the Harris' son, referred to by his initials] had cheated," Levenson wrote. "Nor were the consequences Defendants imposed so heavy-handed as to exceed Defendants' considerable discretion in such matters." "On the evidence currently before the Court, I detect no wrongdoing by Defendants," Levenson also wrote. "The manner in which RNH used Grammarly -- wholesale copying and pasting of language directly into the draft script that he submitted -- powerfully supports Defendants' conclusion that RNH knew that he was using AI in an impermissible fashion," Levenson wrote. While "the emergence of generative AI may present some nuanced challenges for educators, the issue here is not particularly nuanced, as there is no discernible pedagogical purpose in prompting Grammarly (or any other AI tool) to generate a script, regurgitating the output without citation, and claiming it as one's own work," the order said.

Levenson concluded with a quote from a 1988 Supreme Court ruling that said the education of youth "is primarily the responsibility of parents, teachers, and state and local school officials, and not of federal judges." According to Levenson, "This case well illustrates the good sense in that division of labor. The public interest here weighs in favor of Defendants."

According to Business Insider (paywalled), Microsoft's Copilot tool inadvertently let customers access sensitive information, such as CEO emails and HR documents. Now, Microsoft is working to fix the situation, deploying new tools and a guide to address the privacy concerns. The story was highlighted by Salesforce CEO Marc Benioff. From the report: These updates are designed "to identify and mitigate oversharing and ongoing governance concerns," the company said in a blueprint for Microsoft's 365 productivity software suite. [...] Copilot's magic -- its ability to create a 10-slide road-mapping presentation, or to summon a list of your company's most profitable products -- works by browsing and indexing all your company's internal information, like the web crawlers used by search engines. IT departments at some companies have set up lax permissions for who can access internal documents -- selecting "allow all" for the company's HR software, say, rather than going through the trouble of selecting specific users.

That didn't create much of a problem because there wasn't a tool that an average employee could use to identify and retrieve sensitive company documents -- until Copilot. As a result, some customers have deployed Copilot only to discover that it can let employees read an executive's inbox or access sensitive HR documents. "Now when Joe Blow logs into an account and kicks off Copilot, they can see everything," a Microsoft employee familiar with customer complaints said. "All of a sudden Joe Blow can see the CEO's emails."

An anonymous reader shares a report: People are using Spotify playlist and podcast descriptions to distribute spam, malware, pirated software and cheat codes for video games. Cybersecurity researcher Karol Paciorek posted an example of this: A Spotify playlist titled "*Sony Vegas Pro*13 C-r-a-c-k Free Download 2024 m-y-s-o-f-t-w-a-r-e-f-r-e-e.com" acts as a free advertisement for piracy website m-y-s-o-f-t-w-a-r-e-f-r-e-e[dot]com, which hosts malicious software.

"Cybercriminals exploit Spotify for #malware distribution," Paciorek posted on X. "Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links."

"The playlist title in question has been removed," a spokesperson for Spotify told 404 Media in a statement. "Spotify's Platform Rules prohibit posting, sharing, or providing instructions on implementing malware or related malicious practices that seek to harm or gain unauthorized access to computers, networks, systems, or other technologies."

An anonymous reader shares a report: Lawyers for The New York Times and Daily News, which are suing OpenAI for allegedly scraping their works to train its AI models without permission, say OpenAI engineers accidentally deleted data potentially relevant to the case. Earlier this fall, OpenAI agreed to provide two virtual machines so that counsel for The Times and Daily News could perform searches for their copyrighted content in its AI training sets.

In a letter, attorneys for the publishers say that they and experts they hired have spent over 150 hours since November 1 searching OpenAI's training data. But on November 14, OpenAI engineers erased all the publishers' search data stored on one of the virtual machines, according to the aforementioned letter, which was filed in the U.S. District Court for the Southern District of New York late Wednesday. OpenAI tried to recover the data -- and was mostly successful. However, because the folder structure and file names were "irretrievably" lost, the recovered data "cannot be used to determine where the news plaintiffs' copied articles were used to build [OpenAI's] models," per the letter. "News plaintiffs have been forced to recreate their work from scratch using significant person-hours and computer processing time," counsel for The Times and Daily News wrote.

In a 23-page document (PDF) filed late Wednesday, U.S. regulators asked a federal judge to break up Google after a court found the tech giant of maintaining an abusive monopoly through its dominant search engine. As punishment, the DOJ calls for a sale of Google's Chrome browser and restrictions to prevent Android from favoring its own search engine. The Associated Press reports: Although regulators stopped short of demanding Google sell Android too, they asserted the judge should make it clear the company could still be required to divest its smartphone operating system if its oversight committee continues to see evidence of misconduct. [...] The Washington, D.C. court hearings on Google's punishment are scheduled to begin in April and Mehta is aiming to issue his final decision before Labor Day. If [U.S. District Judge Amit Mehta] embraces the government's recommendations, Google would be forced to sell its 16-year-old Chrome browser within six months of the final ruling. But the company certainly would appeal any punishment, potentially prolonging a legal tussle that has dragged on for more than four years.

Besides seeking a Chrome spinoff and a corralling of the Android software, the Justice Department wants the judge to ban Google from forging multibillion-dollar deals to lock in its dominant search engine as the default option on Apple's iPhone and other devices. It would also ban Google from favoring its own services, such as YouTube or its recently-launched artificial intelligence platform, Gemini. Regulators also want Google to license the search index data it collects from people's queries to its rivals, giving them a better chance at competing with the tech giant. On the commercial side of its search engine, Google would be required to provide more transparency into how it sets the prices that advertisers pay to be listed near the top of some targeted search results. The measures, if they are ordered, threaten to upend a business expected to generate more than $300 billion in revenue this year. "The playing field is not level because of Google's conduct, and Google's quality reflects the ill-gotten gains of an advantage illegally acquired," the Justice Department asserted in its recommendations. "The remedy must close this gap and deprive Google of these advantages."

A new study reveals that many users, particularly students and Redditors, view Z-Library as a vital resource for overcoming economic barriers to education, reflecting a "Robin Hood" mentality that prioritizes access to knowledge over copyright concerns. TorrentFreak reports: The research looks at the motivations of two groups; Reddit users and Chinese postgraduate students. Despite the vast differences between these groups, their views on Z-Library are quite similar. The 134 Reddit responses were sampled from the Zlibrary subreddit, which is obviously biased in favor of the site. However, the reasoning goes well beyond a simple "I want free stuff" arguments. Many commenters highlighted that they were drawn to the site out of poverty, for example, or they highlighted that Z-Library was an essential tool to fulfill their academic goals.

"Living in a 3rd world country, 1 book would cost like 50%- 80% already of my daily wage," one Redditor wrote. The idea that Z-Library is a 'necessary evil' was also highlighted by other commenters. This includes a student who can barely make ends meet, and a homeless person, who has neither the money nor the space for physical books. The lack of free access to all study materials, including academic journal subscriptions at university libraries, was also a key motivator. Paired with the notion that journal publishers make billions of dollars, without compensating authors, justification is found for 'pirate' alternatives. "They make massive profits. So stealing from them doesn't hurt the authors nor reviewers, just the rich greedy publishers who make millions just to design a cover and click 'publish'," one Redditor wrote.

The second part of the study is conducted in a more structured format among 103 postgraduate students in China. This group joined a seminar where Z-Library and the crackdown were discussed. In addition, the students participated in follow-up focus group discussions, while also completing a survey. Despite not all being users of the shadow library, 41% of the students agreed that the site's (temporary) shutdown affected their ability to study and find resources for degree learning. In general, the students have a favorable view toward Z-Library and similar sites, and 71% admit that they have used a shadow library in the past. In line with China's socialist values, the overwhelming majority of the students agreed that access to knowledge should be free for everyone. While the students are aware of copyright law, they believe that the need to access knowledge outweighs rightsholders' concerns. This is also reflected in the following responses, among others. All in all, Z-Library and other shadow libraries are seen as a viable option for expensive or inaccessible books, despite potential copyright concerns. The paper has been published in the Journal of University Teaching & Learning Practice.

The Verge's Richard Lawler reports: Strava recently informed its users and partners that new terms for its API restrict the data that third-party apps can show, refrain from replicating Strava's look, and place a ban on using data "for any model training related to artificial intelligence, machine learning or similar applications." The policy is effective as of November 11th, even though Strava's own post about the change is dated November 15th.

There are plenty of posts on social media complaining about the sudden shift, but one place where dissent won't be tolerated is Strava's own forums. The company says, "...posts requesting or attempting to have Strava revert business decisions will not be permitted." Brian Bell, Strava's VP of Communications and Social Impact, said in a statement: "We anticipate that these changes will affect only a small fraction (less than .1 percent) of the applications on the Strava platform -- the overwhelming majority of existing use cases are still allowed, including coaching platforms focused on providing feedback to users and tools that help users understand their data and performance."

Half of young Norwegians find online piracy acceptable when streaming services are too expensive, according to a new government survey released this week. The Ipsos poll of 1,411 respondents found that 32% of all Norwegians justify using pirate sites to save money, with acceptance rising to 50% among those under 30.

The rates increase further when specifically asked about pirating due to high streaming costs. Despite concerns about piracy, 61% of Norwegians paid for streaming services in the past year, including 64% of those under 30. Among active pirates, 41% said they would stop if legal services were more affordable, while 35% wanted broader content per service. Only 47% of respondents believed piracy supports organized crime, with 24% expressing uncertainty about this connection.

An anonymous reader shares a report: The US Patent and Trademark Office banned the use of generative artificial intelligence for any purpose last year, citing security concerns with the technology as well as the propensity of some tools to exhibit "bias, unpredictability, and malicious behavior," according to an April 2023 internal guidance memo obtained by WIRED through a public records request. Jamie Holcombe, the chief information officer of the USPTO, wrote that the office is "committed to pursuing innovation within our agency" but are still "working to bring these capabilities to the office in a responsible way."

Paul Fucito, press secretary for the USPTO, clarified to WIRED that employees can use "state-of-the-art generative AI models" at work -- but only inside the agency's internal testing environment. "Innovators from across the USPTO are now using the AI Lab to better understand generative AI's capabilities and limitations and to prototype AI-powered solutions to critical business needs," Fucito wrote in an email.

One of India's largest news agencies, Asian News International, has sued OpenAI in a case that could set a precedent for how AI companies use copyrighted news content in the world's most populous nation. From a report: Asian News International filed a 287-page lawsuit in the Delhi High Court on Monday, alleging the AI company illegally used its content to train its AI models and generated false information attributed to the news agency. The case marks the first time an Indian media organization has taken legal action against OpenAI over copyright claims.

According to Bloomberg, the U.S. Justice Department wants Google to sell off its Chrome browser as part of its ongoing search monopoly case. The recommendations will be made official on Wednesday. 9to5Google reports: At the top of the list is having Google sell Chrome "because it represents a key access point through which many people use its search engine." There are many questions about how that works, including what the impact on the underlying Chromium codebase would be. Would Google still be allowed to develop the open-source project by which many other browsers, like Microsoft Edge use? "The government has the option to decide whether a Chrome sale is necessary at a later date if some of the other aspects of the remedy create a more competitive market," reports Bloomberg. Google, which plans to appeal, previously said that "splitting off Chrome or Android would break them."

Bloomberg reports that "antitrust officials pulled back from a more severe option that would have forced Google to sell off Android." However, the government wants Google to "uncouple its Android smartphone operating system from its other products, including search and its Google Play mobile app store, which are now sold as a bundle." Meanwhile, other recommendations include licensing Google Search data and results, as well as allowing websites that are indexed for Search to opt out of AI training.

India's competition watchdog has ordered WhatsApp to stop sharing user data with other Meta units for advertising purposes for five years and also levied a fine of $25.4 million for antitrust violations related to WhatsApp's controversial 2021 privacy policy. From a report: The Competition Commission of India, which began the investigation in 2021, found that WhatsApp's "take-it-or-leave-it" privacy update constituted an abuse of Meta's dominant position by forcing users to accept expanded data collection without an opt-out option.

WhatsApp's 2021 privacy policy update required users to share their data with Meta companies in order to continue using the messaging service, removing a previous opt-out option that had existed since 2016. The mandatory data-sharing requirement expanded the scope of data collection and processing by Meta's group companies.

The Belgian region of Flanders is rolling out personal data "pods" to 7 million citizens in a trial of World Wide Web inventor Tim Berners-Lee's vision for user-controlled data privacy.

Five Belgian hospitals have begun storing patient visit information in the data pods, developed by Berners-Lee's startup Inrupt over the past five years. The system aims to help compliance with European privacy regulations by giving citizens control over their personal information, from medical records to social media posts.

The initiative counters the current internet landscape dominated by major technology companies like Google and Meta, which store user data across their servers. Berners-Lee, who created the World Wide Web at CERN in 1989, advocates for returning data control to users through decentralized systems rather than leaving it vulnerable to harvesting by tech platforms and governments.

On a small network of islands north of Seattle, Washington, San Juan County just completed its first full year of 32-hour workweeks, reports CNN.

And Tuesday the county released a report touting "a host of positive outcomes — from recruiting to retention to employee happiness — and a cost savings of more than $975,000 compared to what the county would have paid if it met the union's pay increase demands." The county said the 32-hour workweek has attracted a host of new talent: Applications have spiked 85.5% and open positions are being filled 23.75% faster, while more employees are staying in their jobs — separation (employees quitting or retiring) dropped by 48%. And 84% of employees said their work-life balance was better. "This is meeting many of the goals that we set out to do when we implemented it," County Manager Jessica Hudson said. said, noting the county is looking for opportunities to expand the initiative...

Departments across San Juan County have implemented the 32-hour workweek differently, some staggering staffing to maintain their previous availability to the public while others have shortened schedules to be open just four days a week... "I tell people, you're not going to see things change from your perspective," said Joe Ingman, a park manager in the county. "Offices are going to stay open, bathrooms are going to get cleaned, grass is going to get mowed." His department adjusted schedules to stay staffed seven days a week, and while communication across shifts was an initial hurdle, issues were quickly ironed out. "It was probably the smoothest summer I've had, and I've been working in parks for over a decade," he said, crediting the new schedule as a boon for recruiting. While job postings used to languish unfilled for months, last summer the applicant pool was not only bigger but more qualified, and the two staffers he hired both cited coming to the county because of the 32-hour workweek.

"It's no more cost to the public to work 32 hours — but we have better applicants," he said. Ingman also said the four-day workweek has done wonders for his job satisfaction; he'd watched colleagues burn out for years, but now sees a path for his own future in the department... County employees have used their extra time off to spend less money on childcare, volunteer in their kids' schools, and contribute to the community... While San Juan County's motivation in adopting a shortened workweek was financial, the benefits its employees cite speak to a larger trend, as workplaces around the country increasingly explore flexible schedules to combat burnout and attract and retain talent.

A survey of CEOs this spring found nearly one third of large US companies were looking into solutions like four-day or four-and-a-half-day workweeks... Even without a reduction in total hours, a Gallup poll last year found a third day off would be widely embraced: 77% of US workers said a 4-day, 40-hour workweek would have a positive impact on their wellbeing.
One worker shared their thoughts with CNN. "Life shouldn't be about just working yourself into the ground..." And they added that "So far, I feel happy; I feel seen as an employee and as a human, and I feel like it could be a beautiful step forward for other people if we just trust it and try it."

They even had some advice for other employers. "Change happens by somebody actually doing the change. The only way we're going to find out if it works is by doing."

"The Pentagon's latest report on UFOs has revealed hundreds of new reports of unidentified and unexplained aerial phenomena," reports the Associated Press, "but no indications suggesting an extraterrestrial origin.

"The review includes hundreds of cases of misidentified balloons, birds and satellites as well as some that defy easy explanation, such as a near-miss between a commercial airliner and a mysterious object off the coast of New York." Federal efforts to study and identify UAPs have focused on potential threats to national security or air safety and not their science fiction aspects. Officials at the Pentagon office created in 2022 to track UAPs, known as the All-Domain Anomaly Resolution Office, or AARO, have said there's no indication any of the cases they looked into have unearthly origins. "It is important to underscore that, to date, the All-Domain Anomaly Resolution Office has discovered no evidence of extraterrestrial beings, activity, or technology," the authors of the report wrote... Reporting witnesses included commercial and military pilots as well as ground-based observers. Investigators found explanations for nearly 300 of the incidents. In many cases, the unknown objects were found to be balloons, birds, aircraft, drones or satellites. According to the report, Elon Musk's Starlink satellite system is one increasingly common source as people mistake chains of satellites for UFOs. Hundreds of other cases remain unexplained, though the report's authors stressed that is often because there isn't enough information to draw firm conclusions.

No injuries or crashes were reported in any of the incidents, though a commercial flight crew reported one near miss with a "cylindrical object" while flying over the Atlantic Ocean off the coast of New York. That incident remains under investigation. In three other cases, military air crews reported being followed or shadowed by unidentified aircraft, though investigators could find no evidence to link the activity to a foreign power.
The article points out that the report's publication comes "a day after House lawmakers called for greater government transparency during a hearing on unidentified anomalous phenomena." And it concludes with this quote from Republican Represenative Andy Ogles of Tennessee. "There is something out there. The question is: Is it ours, is it someone else's, or is it otherworldly?"

jojowombl shares a report from The Guardian: Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker -- and not its government customers -- is the party that "installs and extracts" information from mobile phones targeted by the company's hacking software. The new details were contained in sworn depositions from NSO Group employees, portions of which were published for the first time on Thursday.

It comes five years after WhatsApp, the popular messaging app owned by Facebook, first announced it was filing suit against NSO. The company, which was blacklisted by the Biden administration in 2021, makes what is widely considered the world's most sophisticated hacking software, which -- according to researchers -- has been used in the past in Saudi Arabia, Dubai, India, Mexico, Morocco and Rwanda. [...] At the heart of the legal fight was an allegation by WhatsApp that NSO had long denied: that it was the Israeli company itself, and not its government clients around the world, who were operating the spyware. NSO has always said that its product is meant to be used to prevent serious crime and terrorism, and that clients are obligated not to abuse the spyware. It has also insisted that it does not know who its clients are targeting. [...]

To make its case, WhatsApp was allowed by Judge Phyllis Hamilton to make its case, including citing depositions that have previously been redacted and out of public view. In one, an NSO employee said customers only needed to enter a phone number of the person whose information was being sought. Then, the employee said, "the rest is done automatically by the system." In other words, the process was not operated by customers. Rather NSO alone decided to access WhatsApp's servers when it designed (and continuously upgraded) Pegasus to target individuals' phones. A spokesperson for NSO, Gil Lainer, said in a statement: "NSO stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system. We are confident that these claims, like many others in the past, will be proven wrong in court, and we look forward to the opportunity to do so."

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, The Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies. Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack

An anonymous reader quotes a report from Bloomberg: The Australian government plans to enact laws requiring big tech firms to protect its citizens online, the latest move by the center-left Labor administration to crack down on social media including through age limits and curbs on misinformation. Communications Minister Michelle Rowland announced the government's plan for a legislated Digital Duty of Care in Australia on Wednesday night, saying it aligned with similar laws in the UK and European Union. "It is now time for industry to show leadership, and for social media to recognize it has a social responsibility," Rowland said in a speech in Sydney announcing the measures. It would "keep users safe and help prevent online harms."

In response to the laws, Facebook and Instagram operator Meta Platforms Inc. called for the restrictions to be handled by app stores, such as those run by Google and Apple Inc., rather than the platforms themselves. The government has ignored those requests, but has yet to announce what fines companies would face or what age verification information will need to be provided. At the same time, Albanese has moved forward controversial laws to target misinformation and disinformation online, which opponents have labeled an attack on freedom of speech. Earlier this month, Albanese said the government would legislate for a ban on social media for children under 16, a policy the government says is world-leading. "Social media is doing harm to our kids and I'm calling time on it," Albanese told a news conference.

ZDNet's Steven Vaughan-Nichols reports: [...] At KubeCon North America 2024 this week, CNCF executive director Priyanka Sharma said in her keynote, "Patent trolls are not contributors or even adopters in our ecosystem. Instead, they prey on cloud-native adopters by abusing the legal system. We are here to tell the world that these patent trolls don't stand a chance because CNCF is uniting the ecosystem to deter them. Like a herd of musk oxen, we will run them off our pasture." CNCF CTO Chris Aniszczyk added: "The reason trolls can make money is that many companies find it too expensive to fight back, so they pay trolls a settlement fee to avoid the even higher cost of litigation. Now, when a whole herd of companies band together like musk oxen to drive a troll off, it changes the cost structure of fighting back. It disrupts their economic model."

How? Jim Zemlin, the Linux Foundation's executive director, said, "We don't negotiate with trolls. Instead, with United Patents, we go to the PTO and crush those patents. We strive to invalidate them by working with developers who have prior art, bringing this to the attention of the USPTO, and killing patents. No negotiation, no settlement. We destroy the very asset that made patent trolls' business work. Together, since we've started this effort, 90% of the time, we've been able to go in there and destroy these patents." "It's time for us to band together," said Joanna Lee, CNCF's VP of strategic programs and legal. "We encourage all organizations in our ecosystem to get involved. Join the fight, enhance your own company's protection, protect your customers, enhance our community defense, and save money on legal expenses."

While getting your company and its legal department involved in the effort to fend off patent trolls is important, developers can also help. CNCF announced the Cloud Native Heroes Challenge, a patent troll bounty program in which cloud-native developers and technologists can earn swag and win prizes. They're asking you to find evidence of preexisting technology -- referred to by patent lawyers as "prior art" -- that can kill off bad patents. This could be open-source documentation (including release notes), published standards or specifications, product manuals, articles, blogs, books, or any publicly available information. All entrants who submit an entry that conforms to the contest rules will receive a free "Cloud Native Hero" t-shirt that can be picked up at any future KubeCon+CloudNativeCon. The winner will also receive a $3,000 cash prize.

In the inaugural contest, the CNCF is seeking information that can be used to invalidate Claim 1 from US Patent US-11695823-B1. This is the major patent asserted by Edge Networking Systems against Kubernetes users. As is often the case with such patents, it's much too broad. This patent describes a network architecture that facilitates secure and flexible programmability between a user device and across a network with full lifecycle management of services and infrastructure applications. That describes pretty much any modern cloud system. If you can find prior art that describes such a system before June 13, 2013, you could be a winner. Some such materials have already been found. This is already listed in the "known references" tab of the contest information page and doesn't qualify. If you care about keeping open-source software easy and cheap to use -- or you believe trolls shouldn't be allowed to take advantage of companies that make or use programs -- you can help. I'll be doing some digging myself.

quonset shares a report from CNN: Between August 2022 and January 2024, hundreds of swatting calls were made across the country targeting religious institutions, government offices, schools, and random people. Authorities were finally able to track down the criminal, Alan Fillon, who entered the plea to four counts of making interstate threats to injure the person of another, the US Attorney's Office for the Middle District of Florida said in a news release. He faces up to five years in prison on each count. A sentencing date has not yet been set.

The US Attorney's Office said Filion made more than 375 swatting and threat calls from August 2022 to January 2024. Those calls included ones in which he claimed to have planted bombs in targeted locations or threatened to detonate bombs and/or conduct mass shootings at those locations, prosecutors said. He targeted religious institutions, high schools, colleges and universities, government officials and people across the United States. Filion was 16 at the time he placed the majority of the calls.

An anonymous reader quotes a report from Data Center Dynamics: The Japanese government is planning to invest approximately $65 billion to support the country's semiconductor and AI industries. The initiative, which will run until the end of the decade, is expected to generate ~$104 billion in public and private investment during the period. According to a report from Reuters, this new round of funding will specifically target state-backed chip foundry Rapidus and other AI chip suppliers.

Rapidus was founded in November 2022 when the Japanese government and eight Japanese technology and automotive firms, including SoftBank, Sony, and NTT, invested more than $500 million to launch the business. Speaking at a news conference this week, Japanese Prime Minister Shigeru Ishiba did not provide any information about how the venture would be financed but said the government would not issue deficit-covering bonds. Japan's government also said it won't raise taxes to finance the $65 billion plan.

An anonymous reader quotes a report from TechCrunch: U.K. consumer rights group 'Which?' is filing a legal claim against Apple under competition law on behalf of some 40 million users of iCloud, its cloud storage service. The collective proceeding lawsuit, which is seeking 3 billion pounds in compensation damages (around $3.8 billion at current exchange rates), alleges that Apple has broken competition rules by giving its own cloud storage service preferential treatment and effectively locking people into paying for iCloud at "rip-off" prices. "iOS has a monopoly and is in control of Apple's operating systems and it is incumbent on Apple not to use that dominance to gain an unfair advantage in related markets, like the cloud storage market. But that is exactly what has happened," Which wrote in a press release announcing filing the claim with the U.K.'s Competition Appeal Tribunal (CAT).

The lawsuit accuses Apple of encouraging users of its devices to sign up to iCloud for photo storage and other data storage needs, while simultaneously making it difficult for consumers to use alternative storage providers -- including by not allowing them to store or back-up all of their phone's data with a third-party provider. "iOS users then have to pay for the service once photos, notes, messages and other data go over the free 5GB limit," Which noted. The suit also accuses Apple of overcharging U.K. consumers for iCloud subscriptions owing to the lack of competition. "Apple raised the price of iCloud for UK consumers by between 20% and 29% across its storage tiers in 2023," it wrote, saying it's seeking damages for all affected Apple customers -- and estimating that individual consumers could be owed an average of 70 pounds (around $90), depending on how long they've been paying Apple for iCloud services. "Anyone who has 'obtained' iCloud services, including non-paying users, over the nine-year timeframe since the Consumer Rights Act came into force on October 1st, 2015," will be included in the claim. U.K.-based consumers will have to opt-out if they do not want to be included. "Consumers who live outside the U.K. and believe they are eligible to be included must actively opt-in to join the action," adds TechCrunch.

During a public joint hearing today titled "Unidentified Anomalous Phenomena: Exposing the Truth," four experts testified that the U.S. is running secret UAP programs, including crash retrieval and reverse-engineering programs for advanced nonhuman technology. Although the Pentagon maintains there's no evidence of alien spacecraft, witnesses like Luis Elizondo and Michael Gold argue that UAPs represent an intelligence enigma and call for open, stigma-free study to address potential security concerns and unknown scientific possibilities. NPR reports: Tim Gallaudet, retired rear admiral, U.S. Navy; CEO of Ocean STL Consulting, LLC
"Confirmation that UAPs are interacting with humanity came for me in January 2015," Gallaudet said in his written testimony (PDF). He describes being part of a pre-deployment naval exercise off the U.S. East Coast that culminated in the famous "Go Fast" video, in which a Navy F/A-18 jet's sensors recorded "an unidentified object exhibiting flight and structural characteristics unlike anything in our arsenal." He was among a group of commanders involved in the exercise who received an email containing the video, which was sent by the operations officer of Fleet Forces Command, Gallaudet said. "The very next day, the email disappeared from my account and those of the other recipients without explanation," he said.

Luis Elizondo, author and former Department of Defense official
Elizondo's written testimony (PDF) was brief and alleged that a secretive arms race is playing out on the global stage. "Let me be clear: UAP are real," he wrote. "Advanced technologies not made by our Government -- or any other government -- are monitoring sensitive military installations around the globe. Furthermore, the U.S. is in possession of UAP technologies, as are some of our adversaries." Elizondo is a former intelligence officer who later "managed a highly sensitive Special Access Program on behalf of the White House and the National Security Council," according to his official bio (PDF). "By 2012, [Elizondo] was the senior ranking person of the DOD's Advanced Aerospace Threat Identification Program, a secretive Pentagon unit that studied unidentified anomalous phenomena," his bio states, adding that he resigned in 2017.

Michael Gold, former NASA associate administrator of space policy and partnerships; member of NASA UAP Independent Study Team
Gold's written testimony (PDF) stressed the need for government agencies and academics to "overcome the pernicious stigma that continues to impede scientific dialogue and open discussions" about unexplained phenomena. "As the saying goes, the truth is out there," Gold said, "we just need to be bold enough and brave enough to face it."

Michael Shellenberger, founder of Public, a news outlet on the Substack platform
Shellenberger's testimony (PDF) ran to some 214 pages, including a lengthy timeline of UAP reports from 1947 to 2023. Shellenberger pressed the White House and Congress to act, calling for the adoption of UAP transparency legislation and cutting funds for any related programs that aren't disclosed to lawmakers. "UAP transparency is bi-partisan and critical to our national security," his written testimony stated. You can watch the proceeding here.

The FBI raided Polymarket CEO Shayne Coplan's Manhattan apartment, seizing his phone and electronic devices. A source close to the matter told The New York Post it was politically motivated due to Polymarket's successful prediction of Trump's election win. It's "grand political theater at its worst," the source said. "They could have asked his lawyer for any of these things. Instead, they staged a so-called raid so they can leak it to the media and use it for obvious political reasons."

Although no charges were filed, the raid has sparked controversy, with speculation of political retribution and concerns over potential market manipulation, as Polymarket faces scrutiny both in the U.S. and from French regulators. The New York Post reports: Coplan was not arrested and has not been charged, a Polymarket spokesperson told The Post on Wednesday evening. "Polymarket is a fully transparent prediction market that helps everyday people better understand the events that matter most to them, including elections," the rep said. "We charge no fees, take no trading positions, and allow observers from around the world to analyze all market data as a public good."

Coplan posted on X after his run-in with the feds: "New phone, who dis?" Polymarket does not allow trading in the US, though bettors can bypass the ban by accessing the site through VPN. The FBI's investigation comes a week after Coplan said Polymarket is planning to return to the US. [...] In 2022, the online gambling platform was forced to pause its trading in the US and pay a $1.4 million penalty to settle charges with the Commodity Futures Trading Commission that it had failed to register with the agency. [In France, regulators are investigating Polymarket's compliance with national gambling laws, with concerns about unauthorized gambling activities within the country.] A Fortune report published a week before the election found widespread evidence of wash-trading on Polymarket. "Polymarket's Terms of Use expressly prohibit market manipulation," a Polymarket spokesperson told Fortune in a statement.

An anonymous reader shares a report: Officials inside the Secret Service clashed over whether they needed a warrant to use location data harvested from ordinary apps installed on smartphones, with some arguing that citizens have agreed to be tracked with such data by accepting app terms of service, despite those apps often not saying their data may end up with the authorities, according to hundreds of pages of internal Secret Service emails obtained by 404 Media.

The emails provide deeper insight into the agency's use of Locate X, a powerful surveillance capability that allows law enforcement officials to follow a phone, and person's, precise movements over time at the click of a mouse. In 2023, a government oversight body found that the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement all used their access to such location data illegally. The Secret Service told 404 Media in an email last week it is no longer using the tool. "If USSS [U.S. Secret Service] is using Locate X, that is most concerning to us," one of the internal emails said. 404 Media obtained them and other documents through a Freedom of Information Act (FOIA) request with the Secret Service.

An anonymous reader quotes a report from The Register: Royal assent was granted to two right to repair bills last week that amend Canada's Copyright Act to allow the circumvention of technological protection measures (TPMs) if this is done for the purposes of "maintaining or repairing a product, including any related diagnosing," and "to make the program or a device in which it is embedded interoperable with any other computer program, device or component." The pair of bills allow device owners to not only repair their own stuff regardless of how a program is written to prevent such non-OEM measures, but said owners can also make their devices work with third-party components without needing to go through the manufacturer to do so.

Bills C-244 (repairability) and C-294 (interoperability) go a long way toward advancing the right to repair in Canada and, as iFixit pointed out, are the first federal laws anywhere that address how TPMs restrict the right to repair -- but they're hardly final. TPMs can take a number of forms, from simple administrative passwords to encryption, registration keys, or even the need for a physical object like a USB dongle to unlock access to copyrighted components of a device's software. Most commercially manufactured devices with proprietary embedded software include some form of TPM, and neither C-244 nor C-294 place any restrictions on the use of such measures by manufacturers. As iFixit points out, neither Copyright Act amendments do anything to expand access to the tools needed to circumvent TPMs. That puts Canadians in a similar position to US repair advocates, who in 2021 saw the US Copyright Office loosen DMCA restrictions to allow limited repairs of some devices despite TPMs, but without allowing access to the tools needed to do so. [...]

Canadian Repair Coalition co-founder Anthony Rosborough said last week that the new repairability and interoperability rules represent considerable progress, but like similar changes in the US, don't actually amount to much without the right to distribute tools. "New regulations are needed that require manufacturers and vendors to ensure that products and devices are designed with accessibility of repairs in mind," Rosborough wrote in an op-ed last week. "Businesses need to be able to carry out their work without the fear of infringing various intellectual property rights."