Senior Department arms control official Paul Dean on Thursday urged China and Russia to declare that artificial intelligence would never make decisions on deploying nuclear weapons. Washington had made a "clear and strong commitment" that humans had total control over nuclear weapons, said Dean. Britain and France have made similar commitments. Reuters reports: "We would welcome a similar statement by China and the Russian Federation," said Dean, principal deputy assistant secretary in the Bureau of Arms Control, Deterrence and Stability. "We think it is an extremely important norm of responsible behaviour and we think it is something that would be very welcome in a P5 context," he said, referring to the five permanent members of the United Nations Security Council.

A bipartisan group of senators, led by Jeff Merkley, John Kennedy, and Roger Marshall, is advocating for limitations on the Transportation Security Administration's use of facial recognition technology due to concerns about privacy and civil liberties. PBS reports: In a letter on Thursday, the group of 14 lawmakers called on Senate leaders to use the upcoming reauthorization of the Federal Aviation Administration as a vehicle to limit TSA's use of the technology so Congress can put in place some oversight. "This technology poses significant threats to our privacy and civil liberties, and Congress should prohibit TSA's development and deployment of facial recognition tools until rigorous congressional oversight occurs," the senators wrote.

The effort, led by Sens. Jeff Merkley, D-Ore., John Kennedy, R-La., and Roger Marshall, R-Kan., "would halt facial recognition technology at security checkpoints, which has proven to improve security effectiveness, efficiency, and the passenger experience," TSA said in a statement. The technology is currently in use at 84 airports around the country and is planned to expand in the coming years to the roughly 430 covered by TSA.

Plumpaquatsch writes: Investigators teamed up with colleagues from the Balkans and Lebanon in raids set up by months of intense surveillance. Authorities say the operation thwarted over 10 million euro in damages and led to 21 arrests.

Dubbed 'Operation Pandora,' the sting began in Germany in December 2023, after a suspicious bank teller contacted police when a 76-year-old customer from Freiburg sought to hurriedly withdraw 120,000 euro ($128,232) from her savings account to hand over to a fake police officer. When real police investigators tracked the internet-based telephone number that had been used to lure the woman, they discovered a veritable goldmine.

Rather than shutting down the number, authorities instead went on the offensive, setting up their own call center in which hundreds of officers from Baden-Wurttemberg, Bavaria, Berlin and Saxony worked around the clock monitoring some 1.3 million calls in real time, as the number from the initial scam was tied to an entire network of fraud call centers. Police were able to trace and record data from the calls, as well as warn potential victims of what was in fact happening, in turn winning valuable time to put together the April 18 sting.

Police say their efforts allowed them to thwart some 10 million euro in damages in roughly 6,000 cases of attempted fraud.

samleecole writes: Utah set up an online form for people to accuse other citizens and public establishments of violating the state's recently-enacted transphobic "bathroom bill." The submission form is being flooded with memes and troll comments, and the auditor also left the submissions database open to the public -- without a password, authentication, or any other protections that would keep anyone from viewing other people's submissions.

After 404 Media contacted the auditor's office for comment, they changed the permissions to require authentication. The form link has been posted to Twitter, and people have repeatedly posted screenshots of themselves uploading memes. In the database, those included photos of Barry Wood, characters from Bee Movie, and Shutterstock images of bull testicles. Twitter users have also found a link to the database that the form is connected to, which is hosted on a public Google cloud console bucket that as of Thursday, required no authentication to view. I tested the form, and found that my submission -- a photo of the yelling table cat meme -- appeared instantly in the Google Console bucket. The submission form offers anonymity with the option for the state auditor to contact submitters for more details. I haven't seen names and contact information shared in the database, but comments and image attachments were easily viewable.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission chair today made a final plea to Congress, asking for money to continue a broadband-affordability program that gave out its last round of $30 discounts to people with low incomes in April. The Affordable Connectivity Program (ACP) has lowered monthly Internet bills for people who qualify for benefits, but Congress allowed funding to run out. People may receive up to $14 in May if their ISP opted into offering a partial discount during the program's final month. After that there will be no financial help for the 23 million households enrolled in the program.

"Additional funding from Congress is the only near-term solution for keeping the ACP going," FCC Chairwoman Jessica Rosenworcel wrote in a letter to members of Congress today. "If additional funding is not promptly appropriated, the one in six households nationwide that rely on this program will face rising bills and increasing disconnection. In fact, according to our survey of ACP beneficiaries, 77 percent of participating households report that losing this benefit would disrupt their service by making them change their plan or lead to them dropping Internet service entirely." The ACP started with $14.2 billion allocated by Congress in late 2021. The $30 monthly ACP benefit replaced the previous $50 monthly subsidy from the Emergency Broadband Benefit Program.

An anonymous reader quotes a report from Bloomberg: Dropbox said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers. The software company said it became aware of the cyberattack on April 24, sought to limit the incident and reported it to law enforcement and regulatory authorities. "We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings," Dropbox said Wednesday in a regulatory filing. "For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication."

Dropbox said there is no evidence hackers obtained user accounts or payment information. The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn't disclose how many customers were affected by the hack. The hack is unlikely to have a material impact on the company's finances, Dropbox said in the filing. The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.

An anonymous reader shares a report: Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it's still unclear how many Americans were impacted by the cyberattack. Last month, Andrew Witty, the CEO of Change Healthcare's parent company UnitedHealth Group, said that the stolen files include the personal health information of "a substantial proportion of people in America." On Wednesday, during a House hearing, when Witty was pushed to give a more definitive answer, testifying that the breach impacted "I think, maybe a third [of Americans] or somewhere of that level."

Kaiser Permanente is the latest healthcare giant to report a data breach. Kaiser said 13.4 million current and former insurance members had their patient data shared with third-party advertisers, thanks to an improperly implemented tracking code the company used to see how its members navigated through its websites. Dark Reading reports: The shared data included names, IP addresses, what pages people visited, whether they were actively signed in, and even the search terms they used when visiting the company's online health encyclopedia. Kaiser has reportedly removed the tracking code from its sites, and while the incident wasn't a hacking event, the breach is still concerning from a security perspective, according to Narayana Pappu, CEO at Zendata.

"The presence of third-party trackers belonging to advertisers, and the oversharing of customer information with these trackers, is a pervasive problem in both health tech and government space," he explains. "Once shared, advertisers have used this information to target ads at users for complementary products (based on health data); this has happened multiple times in the past few years, including at Goodrx. Although this does not fit the traditional definition of a data breach, it essentially results in the same outcome -- an entity and the use case the data was not intended for has access to it. There is usually no monitoring/auditing process to identify and prevent the issue."

The Supreme Court on Tuesday refused to block on free speech grounds a provision of Texas law aimed at preventing minors from accessing pornographic content online. From a report: The justices turned away a request made by the Free Speech Coalition, a pornography industry trade group, as well as several companies. The challengers said the 2023 law violates the Constitution's First Amendment by requiring anyone using the platforms in question, including adults, to submit personal information.

One provision of the law, known as H.B. 1181, mandates that platforms verify users' ages by requiring them to submit information about their identities. Although the law is aimed at limiting children's access to sexually explicit content, the lawsuit focuses on how those measures also affect adults. "Specifically, the act requires adults to comply with intrusive age verification measures that mandate the submission of personally identifying information over the internet in order to access websites containing sensitive and intimate content," the challengers wrote in court papers.

One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole. From a report: Julius Kivimaki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo. After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists. At least one suicide has been linked to the case, which has shocked the country.

Kivimaki has been sentenced to six years and three months in prison. In terms of the number of victims, his trial was the biggest criminal case in Finnish history. One of them gave their reaction to the BBC. "The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence," said Tiina Parrika. "After this there rise thoughts about how short the conviction is, when reflected against the number of victims," she added. "But, that's the Finnish law and I must accept that."

Eight prominent U.S. newspapers owned by investment giant Alden Global Capital are suing OpenAI and Microsoft for copyright infringement, in a complaint filed Tuesday in the Southern District of New York. From a report: Until now, the Times was the only major newspaper to take legal action against AI firms for copyright infringement. Many other news publishers, including the Financial Times, the Associated Press and Axel Springer, have instead opted to strike paid deals with AI companies for millions of dollars annually, undermining the Times' argument that it should be compensated billions of dollars in damages.

The lawsuit is being filed on behalf of some of the most prominent regional daily newspapers in the Alden portfolio, including the New York Daily News, Chicago Tribune, Orlando Sentinel, South Florida Sun Sentinel, San Jose Mercury News, Denver Post, Orange County Register and St. Paul Pioneer Press.

Jules Roscoe reports via 404 Media: Russia has replaced Wikipedia with a state-sponsored encyclopedia that is a clone of the original Russian Wikipedia but which conveniently has been edited to omit things that could cast the Russian government in poor light. Real Russian Wikipedia editors used to refer to the real Wikipedia as Ruwiki; the new one is called Ruviki, has "ruwiki" in its url, and has copied all Russian-language Wikipedia articles and strictly edited them to comply with Russian laws. The new articles exclude mentions of "foreign agents," the Russian government's designation for any person or entity which expresses opinions about the government and is supported, financially or otherwise, by an outside nation. [...]

Wikimedia RU, the Russian-language chapter of the non-profit that runs Wikipedia, was forced to shut down in late 2023 amid political pressure due to the Ukraine war. Vladimir Medeyko, the former head of the chapter who now runs Ruviki, told Novaya Gazeta Europe in July that he believed Wikipedia had problems with "reliability and neutrality." Medeyko first announced the project to copy and censor the 1.9 million Russian-language Wikipedia articles in June. The goal, he said at the time, was to edit them so that the information would be "trustworthy" as a source for all Russian users. Independent outlet Bumaga reported in August that around 110 articles about the war in Ukraine were missing in full, while others were severely edited. Ruviki also excludes articles about reports of torture in prisons and scandals of Russian government representatives. [...]

Graphic designer Constantine Konovalov calculated the number of characters changed between Wikipedia RU and Ruviki articles on the same topics, and found that there were 205,000 changes in articles about freedom of speech; 158,000 changes in articles about human rights; 96,000 changes in articles about political prisoners; and 71,000 changes in articles about censorship in Russia. He wrote in a post on X that the censorship was "straight out of a 1984 novel." Interestingly, the Ruviki article about George Orwell's 1984 entirely omits the Ministry of Truth, which is the novel's main propaganda outlet concerned with governing "truth" in the country.

Longtime Slashdot reader ArchieBunker shares a report from The Mirror: The city court in Syktyvkar, the largest city in Russia's northwestern Komi region, announced it had arrested [former world chess champion Garry Kasparov] in absentia alongside former Russian parliament member Gennady Gudkov, Ivan Tyutrin co-founder of the Free Russia Forum -- which has been designated as an "undesirable organization in the country -- as well as former environmental activist Yevgenia Chirikova. All were charged with setting up a terrorist society, according to the court's press service. As all were charged in their absence, none were physically held in custody.

"The court has selected a measure of restraint for Garry Kasparov, Gennady Gudkov, Yevgenia Chirikova and Ivan Tyutrin, charged with establishing and heading a terrorist society, funding terrorist activity and justifying it publicly," the court said according to Kremlin-backed outlet TASS. "The court granted the investigative bodies' motions to remand Kasparov, Gudkov, Chirikova and Tyutrin in custody as a measure of restraint."

Kasparov responded to the court's bizarre arrest statement in an April 24 post shared on X, formerly Twitter. "In absentia is definitely the best way I've ever been arrested," he said. "Good company, as well. I'm sure we're all equally honored that Putin's terror state is spending time on this that would otherwise go persecuting and murdering." The report notes that Kasparov "found himself in Russian President Vladimir Putin's firing line after he voiced his opposition to the country's leader." The report continues: "He has also pursued pro-democracy initiatives in Russia. But he felt unable to continue living in Russia after he was jailed and allegedly beaten by police in 2012, according to the Guardian. He was granted Croatian citizenship in 2014 following repeated difficulties in Russia."

An anonymous reader shared a report this week from Reuters: The U.S. Department of Commerce is reviewing the national security implications of China's work in open-source RISC-V chip technology, according to a letter sent to U.S. lawmakers...

The technology is being used by major Chinese tech firms such as Alibaba Group Holding and has become a new front in the strategic competition over advanced chip technology between the U.S. and China. In November, 18 U.S. lawmakers from both houses of Congress pressed the Biden administration for its plans to prevent China "from achieving dominance in ... RISC-V technology and leveraging that dominance at the expense of U.S. national and economic security."

In a letter last week to the lawmakers that was seen by Reuters on Tuesday, the Commerce Department said it is "working to review potential risks and assess whether there are appropriate actions under Commerce authorities that could effectively address any potential concerns."

But the Commerce Department also noted that it would need to tread carefully to avoid harming U.S. companies that are part of international groups working on RISC-V technology.

Pursuing an unfair business practices case against Amazon, America's Federal Trade Commission has now "accused" Amazon of using Signal, reports the Seattle Times:

The newspaper notes that the app "can be set to automatically delete messages, to hide information related to the FTC's ongoing antitrust investigation into the company." In a court filing this week, the FTC moved to "compel" Amazon to share more information about its policies and instructions related to using the Signal app... The FTC accused Amazon executives of manually turning on the feature to delete messages in Signal even after the company learned that the FTC was investigating and had told Amazon to keep documents, emails and other messages.

Many of Amazon's senior leaders used Signal, according to the FTC, including former CEO and current chair Jeff Bezos, CEO Andy Jassy, and general counsel David Zapolsky, as well as Jeff Wilke, former head of Amazon's worldwide consumer business, and Dave Clark, former worldwide operations chief. "Amazon is a company that tightly controls what its employees put into writing," FTC attorneys said in a court filing Thursday. "But Amazon's senior leadership also used another channel for internal communications and avoided the need to talk carefully by destroying the records of their messages...."

In the court filing Thursday, the FTC asked Amazon to provide two troves of documents related to its use of Signal: Amazon's document preservation notices and its instructions about the use of "ephemeral messaging applications, including Signal." The FTC said Amazon waited for more than a year after it learned of the investigation to instruct its employees to preserve Signal messages. "It is highly likely that relevant information has been destroyed as a result of Amazon's actions and inactions," the FTC wrote in court records.