Policy

big-loss-for-isps-as-supreme-court-won’t-hear-challenge-to-$15-broadband-law

Big loss for ISPs as Supreme Court won’t hear challenge to $15 broadband law

The Supreme Court petition was filed by the New York State Telecommunications Association, CTIA-The Wireless Association, NTCA-The Rural Broadband Association, USTelecom, ACA Connects-America’s Communications Association, and the Satellite Broadcasting and Communications Association. Cable lobby group NCTA filed a brief supporting the petition.

New York Attorney General Letitia James defended the state law in a Supreme Court brief filed in October. The brief said that when New York enacted its law, the Pai-era FCC “had classified broadband as an information service subject to Title I of the Communications Act. Under Title I, Congress gave the FCC only limited regulatory authority—leaving ample room for States to regulate information services.”

Multiple appeals courts have found “that federal law does not broadly preempt state regulations of Title I information services,” and “Congress has expressed no intent—much less the requisite clear and manifest intent—to preempt state regulation of Title I information services,” the New York brief said. “Applicants’ field preemption claim fails because, far from imposing a pervasive federal regulatory regime on Title I information services, Congress instead gave the FCC only limited authority over information services. Congress thus left the States’ traditional police powers over information services largely untouched.”

Law requires $15 price, or $20 for higher speeds

It’s unclear when New York might start enforcing its law. The state law was approved in 2021 and required ISPs to offer $15 broadband plans with download speeds of at least 25Mbps, with the $15 being “inclusive of any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees.”

The law also said ISPs could instead choose to comply by offering $20-per-month service with 200Mbps speeds. Price increases would be capped at 2 percent per year, and state officials would periodically review whether minimum required speeds should be raised.

Residents who meet income eligibility requirements would qualify for the plans. ISPs with 20,000 or fewer subscribers would be allowed to apply for exemptions from the law.

The New York attorney general’s Supreme Court brief argued that public-interest factors “weigh heavily in favor of allowing” the law, and that it won’t create the economic problems that telco groups warned of. “The three largest broadband providers in New York are already offering an affordable broadband product to low-income consumers irrespective of the ABA, and smaller broadband providers can seek an exemption from the ABA’s requirements,” the brief said.

Big loss for ISPs as Supreme Court won’t hear challenge to $15 broadband law Read More »

facing-ban-next-month,-tiktok-begs-scotus-for-help

Facing ban next month, TikTok begs SCOTUS for help

TikTok: Ban is slippery slope to broad US censorship

According to TikTok, the government’s defense of the ban to prevent China from wielding a “covert” influence over Americans is a farce invented by lawyers to cover up the true mission of censorship. If the lower court’s verdict stands, TikTok alleged, “then Congress will have free rein to ban any American from speaking simply by identifying some risk that the speech is influenced by a foreign entity.”

TikTok doesn’t want to post big disclaimers on the app warning of “covert” influence, claiming that the government relied on “secret evidence” to prove this influence occurs on TikTok. But if the Supreme Court agrees that the government needed to show more than “bare factual assertions” to back national security claims the lower court said justified any potential speech restrictions, then the court will also likely agree to reverse the lower court’s decision, TikTok suggested.

It will become much clearer by January 6 whether the January 19 ban will take effect, at which point TikTok would shut down, booting all US users from the app. TikTok urged the Supreme Court to agree it is in the public interest to delay the ban and review the constitutional claims to prevent any “extreme” harms to both TikTok and US users who depend on the app for news, community, and income.

If SCOTUS doesn’t intervene, TikTok said that the lower court’s “flawed legal rationales would open the door to upholding content-based speech bans in contexts far different than this one.”

“Fearmongering about national security cannot obscure the threat that the Act itself poses to all Americans,” TikTok alleged, while suggesting that even Congress would agree that a “modest delay” in enforcing the law wouldn’t pose any immediate risk to US national security. Congress is also aware that a sale would not be technically, commercially, or legally possible in the timeframe provided, TikTok said. A temporary injunction would prevent irreparable harms, TikTok said, including the irreparable harm courts have long held is caused by restricting speech of Americans for any amount of time.

“An interim injunction is also appropriate because it will give the incoming Administration time to determine its position, as the President-elect and his advisors have voiced support for saving TikTok,” TikTok argued.

Ars could not immediately reach TikTok for comment.

Facing ban next month, TikTok begs SCOTUS for help Read More »

in-it?-need-cash?-cybersecurity-whistleblowers-are-earning-big-payouts.

In IT? Need cash? Cybersecurity whistleblowers are earning big payouts.

Matthew Decker is the former chief information officer for Penn State University’s Applied Research Laboratory. As of October, he’s also $250,000 richer.

In his Penn State position, Decker was well placed to see that the university was not implementing all of the cybersecurity controls that were required by its various contracts with NASA and the Department of Defense (DoD). It did not, for instance, use an external cloud services provider that met the DoD’s security guidelines, and it fudged some of the self-submitted “scores” it made to the government about Penn State’s IT security.

So Decker sued the school under the False Claims Act, which lets private individuals bring cases against organizations on behalf of the government if they come across evidence of wrongdoing related to government contracts. In many of these cases, the government later “intervenes” to assist with the case (as it did here), but whether it does so or not, whistleblowers stand to collect a percentage of any fines if they win.

In October, Penn State agreed to a $1.25 million settlement with the government; Decker got $250,000 of the money.

On the regular

This now happens in IT with some regularity. In November, Dell, Dell Federal Systems, and Iron Bow Technologies settled with the government for $4.3 million over claims that they “violated the False Claims Act by submitting and causing the submission of non-competitive bids to the Army and thereby overcharging the Army under the Army Desktop and Mobile Computing 3 (ADMC-3) contract.”

But once again, this wasn’t something the government uncovered on its own; a whistleblower named Brent Lillard, who was an executive at another company in the industry, brought the initial complaint. For his work, Lillard just made $345,000.

In early December, Gen Digital (formerly Symantec) paid a much larger fee—$55.1 million—after losing a trial in 2022. Gen Digital/Symantec was found liable for charging the government higher prices than it charged to companies.

Once again, the issue was brought to light by a whistleblower, Lori Morsell, who oversaw the contract for Gen Digital/Symantec. Morsell’s award has not yet been determined by the court, but given the amount of the payout, it should be substantial.

False Claims Act goes digital

Due to the complexity of investigating—or even finding out about—technical failures and False Claims Act cases from the outside of an organization, the government has increasingly relied on whistleblowers to kick-start these sorts of IT cases.

In IT? Need cash? Cybersecurity whistleblowers are earning big payouts. Read More »

hackers-seek-ransom-after-getting-ssns,-banking-info-from-state-gov’t-portal

Hackers seek ransom after getting SSNs, banking info from state gov’t portal

Hackers trying to extort the Rhode Island government infiltrated the state’s public benefits system, causing state officials to shut down online services that let residents apply for Medicaid and other assistance programs.

“As part of this investigation today, we discovered that within the Rhode Island Bridges system, a cybercriminal had installed dangerous malware that constituted an urgent threat,” Governor Dan McKee said at a Friday night press conference, according to The Providence Journal. “That is why tonight we have shut down the system. That means customers will temporarily not be able to access any customer portal related to the services on Rhode Island Bridges.”

The vendor “Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges,” McKee’s office said in a press release. Rhode Island has “proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible.”

The state decided to sign a new three-year contract with Deloitte in 2021 despite its earlier failure to build a stable system. RIBridges, originally called Unified Health Infrastructure Project (UHIP), launched in 2016 and “suffered from massive cost overruns before launch and catastrophic failures afterward,” WPRI wrote in 2021.

The hack disclosed on Friday has already inspired a class-action lawsuit against Deloitte. The lawsuit was filed in a federal court yesterday.

Many state programs impacted

Information obtained by hackers “may include names, addresses, dates of birth and Social Security numbers, as well as certain banking information,” the governor’s office said Friday, noting that analysis of the breach was not complete.

“To the best of our knowledge, any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak,” the governor’s office said. This includes Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS), and the General Public Assistance (GPA) Program.

An updates page said the state and Deloitte are still “focused on addressing the threat” and aren’t yet saying when the RIBridges system will be restored. “We understand this is an alarming situation for our customers. Current customers will not be able to log into their account through the portal or the mobile app while the system is offline… Rhode Islanders seeking to apply for benefits can still submit a paper application.”

Hackers seek ransom after getting SSNs, banking info from state gov’t portal Read More »

amazon-facing-strike-threats-as-senate-report-details-hidden-widespread-injuries

Amazon facing strike threats as Senate report details hidden widespread injuries


“Obsessed with speed and productivity”

Amazon ignores strike threats, denies claims of “uniquely dangerous warehouses.”

Just as Amazon warehouse workers are threatening to launch the “first large-scale” unfair labor practices strike at Amazon in US history, Sen. Bernie Sanders (I-Vt.) released a report accusing Amazon of operating “uniquely dangerous warehouses” that allegedly put profits over worker safety.

As chair of the Senate Committee on Health, Education, Labor, and Pensions, Sanders started investigating Amazon in June 2023. His goal was “to uncover why Amazon’s injury rates far exceed those of its competitors and to understand what happens to Amazon workers when they are injured on the job.”

According to Sanders, Amazon “sometimes ignored” the committee’s requests and ultimately only supplied 285 documents requested. The e-commerce giant was mostly only willing to hand over “training materials given to on-site first aid staff,” Sanders noted, rather than “information on how it tracks workers, the quotas it imposes on workers, and the disciplinary actions it takes when workers cannot meet those quotas, internal studies on the connection between speed and injury rates, and the company’s treatment of injured workers.”

To fill in the gaps, Sanders’ team “conducted an exhaustive inquiry,” interviewing nearly 500 workers who provided “more than 1,400 documents, photographs, and videos to support their stories.” And while Amazon’s responses were “extremely limited,” Sanders said that the Committee was also able to uncover internal studies that repeatedly show that “Amazon chose not to act” to address safety risks, allegedly “accepting injuries to its workers as the cost of doing business.”

Perhaps most critically, key findings accuse Amazon of manipulating workplace injury data by “cherry-picking” data instead of confronting the alleged fact that “an analysis of the company’s data shows that Amazon warehouses recorded over 30 percent more injuries than the warehousing industry average in 2023.” The report also alleged that Amazon lied to federal regulators about injury data, discouraged workers from receiving outside care to hide injuries, and terminated injured workers while on approved medical leave.

“This evidence reveals a deeply troubling picture of how one of the largest corporations in the world treats its workforce,” Sanders reported, documenting “a corporate culture obsessed with speed and productivity.”

Amazon disputed Sanders’ report

In a statement, Amazon spokesperson Kelly Nantel disputed the report as “wrong on the facts.”

Sanders’ report allegedly “weaves together out-of-date documents and unverifiable anecdotes to create a pre-conceived narrative that he and his allies have been pushing for the past 18 months,” Nantel said. “The facts are, our expectations for our employees are safe and reasonable—and that was validated both by a judge in Washington after a thorough hearing and by the State’s Board of Industrial Insurance Appeals, which vacated ergonomic citations alleging a hazardous pace of work.”

Nantel said that Sanders ignored that Amazon has made “meaningful progress on safety—improving our recordable incident rates by 28 percent in the US since 2019, and our lost time incident rates (the most serious injuries) by 75 percent.”

But Sanders’ report anticipated this response, alleging that “many” workers “live with severe injuries and permanent disabilities because of the company’s insistence on enforcing grueling productivity quotas and its refusal to adequately care for injured workers.” Sanders said if Amazon had compelling evidence that refuted workers’ claims, the company failed to produce it.

“Although the Committee expects Amazon will dispute the veracity of the evidence those workers provided, Amazon has had eighteen months to offer its own evidence and has refused to do so,” Sanders reported.

Amazon Labor Union preparing to strike

In August, the National Labor Relations Board (NLRB) determined that Amazon is a joint employer of contracted drivers hired to ensure the e-commerce giant delivers its packages when promised. The Amazon Labor Union (ALU)—which nearly unanimously voted to affiliate with the International Brotherhood of Teamsters this summer—considered this a huge win after Amazon had long argued that it had no duty to bargain with driver unions and no responsibility for alleged union busting.

Things seemed to escalate quickly after that, with the NLRB in October alleging that Amazon illegally refused to bargain with the union, which reportedly represents thousands of drivers who are frustrated by what they claim are low wages and dangerous working conditions. As the NLRB continues to seemingly side with workers, Amazon allegedly is “teaming up with Elon Musk in a lawsuit to get the NLRB declared unconstitutional,” workers said in an email campaign reviewed by Ars.

Now, as the holidays approach and on-time deliveries remain Amazon’s top priority, the ALU gave the tech company until Sunday to come to the bargaining table or else “hundreds of workers are prepared to go on strike” at various warehouses. In another email reviewed by Ars, the ALU pushed for donations to support workers ahead of the planned strike.

“It’s one of the busiest times of year for Amazon,” the email said. “The threat of hundreds of workers at one of its busiest warehouses walking out has real power.”

In a statement provided to Ars, Amazon spokesperson Eileen Hards said that Sanders refused to visit Amazon facilities to see working conditions “firsthand” and instead pushed a “pre-conceived narrative” that Amazon claims is unsupported. Her statement also seemed to suggest that Amazon isn’t taking the threat of workers striking seriously, alleging that the ALU also pushes a “false narrative” by supposedly exaggerating the number of workers who have unionized. (Amazon’s full statement disputing Sanders’ claims in-depth is here.)

“For more than a year now, the Teamsters have continued to intentionally mislead the public—claiming that they represent ‘thousands of Amazon employees and drivers,’” Hards said. “They don’t, and this is another attempt to push a false narrative. The truth is that the Teamsters have actively threatened, intimidated, and attempted to coerce Amazon employees and third-party drivers to join them, which is illegal and is the subject of multiple pending unfair labor practice charges against the union.”

Workers seem unlikely to be quieted by such statements, telling Sanders that Amazon allegedly regularly ignores their safety concerns, orders workers to stay in roles causing them pain, denies workers’ medical care, and refuses to accommodate disabilities. Among the support needed for workers preparing to walk out are medical care and legal support, including “worker retaliation defense funds,” the union’s campaign said.

While Amazon seemingly downplays the number of workers reportedly past their breaking point, Sanders alleged that the problem is much more widespread than Amazon admits. According to his report, Amazon workers over “the past seven years” were “nearly twice as likely to be injured as workers in warehouses operated by the rest of the warehousing industry,” and “more than two-thirds of Amazon’s warehouses have injury rates that exceed the industry average.”

Amazon allegedly refuses to accept these estimates, even going so far as repeatedly claiming that “worker injuries were actually the result of workers’ ‘frailty’ and ‘intrinsic likelihood of injury,'” Sanders reported, rather than due to Amazon’s fast-paced quotas.

Laws that could end Amazon’s alleged abuse

On top of changes that Amazon could voluntarily make internally to allegedly improve worker safety, Sanders recommended a range of regulatory actions to force Amazon to end the allegedly abusive practices.

Among solutions is a policy that would require Amazon to disclose worker quotas that allegedly “force workers to move quickly and in ways that cause injuries.” Such transparency is required in some states but could become federal law, if the Warehouse Worker Protection Act passes.

And likely even more impactful, Sanders pushed to pass the Protecting America’s Workers Act (PAWA), which would increase civil monetary penalties for violations of worker safety laws.

In his report, Sanders noted that Amazon is much too big to be held accountable by current maximum penalties for workplace safety violations, which are just over $16,000. Penalties for 50 violations for one two-year period were just $300,000, Sanders said, which was “approximately 1 percent of Amazon CEO Andy Jassy’s total compensation in 2023.”

Passing PAWA would spike the maximum penalty for willful and repeated violations to $700,000 and is necessary, Sanders advocated, to “hold Amazon accountable for its failure to protect its workers.”

Additional legal protections that Congress could pass to protect workers include laws protecting workers’ rights to organize, banning Amazon from disciplining workers based on automated systems allegedly “prone to errors,” and ending Amazon’s alleged spying, partly by limiting worker surveillance.

In his report, Sanders suggested that his findings align with workers’ concerns that have become “the basis of efforts to organize warehouses in New York, Kentucky, Florida, Alabama, Missouri, and beyond.” And as many workers seem ready to strike at Amazon’s busiest time of year, instead of feeling optimistic that Amazon will bargain with workers, they’re bracing for suspected retaliation and planning to hit Amazon where it hurts most—the e-commerce giant’s bottom line.

In an email Monday, the campaign suggested that “Amazon only speaks one language, and that’s money.”

“We’re ready to withhold our labor if they continue to ignore their legal obligation to come to the table,” the email said, noting that when it comes to worker well-being, “our message is clear: We can’t wait anymore.”

Photo of Ashley Belanger

Ashley is a senior policy reporter for Ars Technica, dedicated to tracking social impacts of emerging policies and new technologies. She is a Chicago-based journalist with 20 years of experience.

Amazon facing strike threats as Senate report details hidden widespread injuries Read More »

t-mobile-users-can-try-starlink-enabled-phone-service-for-free-during-beta

T-Mobile users can try Starlink-enabled phone service for free during beta

T-Mobile today said it opened registration for the “T-Mobile Starlink” beta service that will enable text messaging via satellites in dead zones not covered by cell towers.

T-Mobile’s announcement said the service using Starlink’s low-Earth orbit satellites will “provid[e] coverage for the 500,000 square miles of land in the United States not covered by earth-bound cell towers.” Starlink parent SpaceX has so far launched over 300 satellites with direct-to-cell capabilities, T-Mobile noted.

A registration page says, “We expect the beta to begin in early 2025, starting with texting and expanding to data and voice over time. The beta is open to all T-Mobile postpaid customers for free, but capacity is limited.”

T-Mobile said the beta “is expected to work with most modern mobile phones” but will work best with “select smartphones.” People with those “select” devices will apparently have a better chance of getting into the beta.

“T-Mobile postpaid customers with optimized devices will be admitted on a ‘first come, first served’ basis,” T-Mobile said. “We’ll expand the beta to more customers and more devices as more satellites launch.”

Businesses and first responders can also register. “Because of the critical role these first responder agencies and individuals play in safeguarding our communities, T-Mobile is prioritizing this audience for the beta program,” the carrier said.

Commercial service sometime in 2025

T-Mobile said the commercial service will launch “sometime in 2025” but did not say how much it will cost.

T-Mobile users can try Starlink-enabled phone service for free during beta Read More »

elon-musk-slams-sec-as-agency-threatens-charges-in-twitter-stock-probe

Elon Musk slams SEC as agency threatens charges in Twitter stock probe

An SEC spokesperson told Ars today that the commission’s policy is “to conduct investigations on a confidential basis to preserve the integrity of its investigative process. The SEC therefore does not comment on the existence or nonexistence of a possible investigation.”

A Reuters source confirmed the settlement offer. “The SEC sent Musk a settlement offer on Tuesday seeking a response in 48 hours, but extended it to Monday after a request for more time, the source said,” according to a Reuters article today.

The settlement offer was also confirmed by a source who spoke to The Washington Post. “One person familiar with the probe, who spoke on the condition of anonymity to describe a confidential law enforcement proceeding, confirmed that Musk had been sent a settlement offer in recent days,” the Post wrote last night. “But the person said they believed the tech billionaire had actually been given until Monday to evaluate the offer—adding that rejecting a settlement still would not immediately trigger charges by the SEC, which typically sends formal notices before such cases are brought.”

Musk has had several legal battles with the SEC. In 2018, he and Tesla each agreed to $20 million payments in a settlement over the SEC’s complaint that “Musk’s misleading tweets” about taking Tesla private caused the stock price to jump “and led to significant market disruption.” He has tried and failed to get out of that settlement, claiming that he was “forced” into signing the deal and that the SEC used the 2018 consent decree to “micro-manage” his social media activity.

Musk to have influence in Trump admin

Musk won’t have to worry as much about government regulation once Trump takes over. Trump picked Musk to lead a new Department of Government Efficiency, or “DOGE,” which will make recommendations for eliminating regulations, cutting expenses, and restructuring federal agencies.

As Reuters wrote today, Musk “is set to gain extraordinary influence after spending more than a quarter of a billion dollars to help Donald Trump win November’s presidential election. His companies are expected to be well insulated from regulation and enforcement measures.”

The SEC’s November announcement of Gensler’s planned departure from the agency touted his work to adopt “several rules to ensure that investors get the disclosure they need from public companies and companies seeking to go public.”

Trump chose Paul Atkins to replace Gensler as SEC chair, calling Atkins an advocate “for common sense regulations.” Atkins, a former SEC commissioner who founded the Patomak Global Partners consultancy firm, testified to Congress in 2019 that the SEC should reduce its disclosure requirements.

Elon Musk slams SEC as agency threatens charges in Twitter stock probe Read More »

don’t-use-crypto-to-cheat-on-taxes:-bitcoin-bro-gets-2-years

Don’t use crypto to cheat on taxes: Bitcoin bro gets 2 years

A bitcoin investor who went to increasingly great lengths to hide $1 million in cryptocurrency gains on his tax returns was sentenced to two years in prison on Thursday.

It seems that not even his most “sophisticated” tactics—including using mixers, managing multiple wallets, and setting up in-person meetings to swap bitcoins for cash—kept the feds from tracing crypto trades that he believed were untraceable.

The Austin, Texas, man, Frank Richard Ahlgren III, started buying up bitcoins in 2011. In 2015, he upped his trading, purchasing approximately 1,366 using Coinbase accounts. He waited until 2017 before cashing in, earning $3.7 million after selling about 640 at a price more than 10 times his initial costs. Celebrating his gains, he bought a house in Utah in 2017, mostly funded by bitcoins he purchased in 2015.

Very quickly, Ahlgren sought to hide these earnings, the Department of Justice said in a press release. Rather than report them on his 2017 tax return, Ahlgren “lied to his accountant by submitting a false summary of his gains and losses from the sale of his bitcoins.” He did this by claiming that the bitcoins he purchased in 2015 were much higher than his actual costs, even being so bold as to claim he as charged prices “greater than the highest price bitcoins sold for in the market prior to the purchase of the Utah house.”

First tax evasion prosecution centered solely on crypto

Ahlgren’s tax evasion only got bolder as the years passed after this first fraud, the DOJ said.

In 2018 and 2019, he sold more bitcoins, earning more than $650,000 and deciding not to report any of it on his tax returns for those years. That meant that he needed to actively conceal the earnings, but he’d been apparently researching how mixers are used to disguise where bitcoins come from since at least 2014, the feds found, referencing a blog he wrote exhibiting his knowledge. And that’s not the only step he took to try to trick the Internal Revenue Service.

Don’t use crypto to cheat on taxes: Bitcoin bro gets 2 years Read More »

character.ai-steps-up-teen-safety-after-bots-allegedly-caused-suicide,-self-harm

Character.AI steps up teen safety after bots allegedly caused suicide, self-harm

Following a pair of lawsuits alleging that chatbots caused a teen boy’s suicide, groomed a 9-year-old girl, and caused a vulnerable teen to self-harm, Character.AI (C.AI) has announced a separate model just for teens, ages 13 and up, that’s supposed to make their experiences with bots safer.

In a blog, C.AI said it took a month to develop the teen model, with the goal of guiding the existing model “away from certain responses or interactions, reducing the likelihood of users encountering, or prompting the model to return, sensitive or suggestive content.”

C.AI said “evolving the model experience” to reduce the likelihood kids are engaging in harmful chats—including bots allegedly teaching a teen with high-functioning autism to self-harm and delivering inappropriate adult content to all kids whose families are suing—it had to tweak both model inputs and outputs.

To stop chatbots from initiating and responding to harmful dialogs, C.AI added classifiers that should help C.AI identify and filter out sensitive content from outputs. And to prevent kids from pushing bots to discuss sensitive topics, C.AI said that it had improved “detection, response, and intervention related to inputs from all users.” That ideally includes blocking any sensitive content from appearing in the chat.

Perhaps most significantly, C.AI will now link kids to resources if they try to discuss suicide or self-harm, which C.AI had not done previously, frustrating parents suing who argue this common practice for social media platforms should extend to chatbots.

Other teen safety features

In addition to creating the model just for teens, C.AI announced other safety features, including more robust parental controls rolling out early next year. Those controls would allow parents to track how much time kids are spending on C.AI and which bots they’re interacting with most frequently, the blog said.

C.AI will also be notifying teens when they’ve spent an hour on the platform, which could help prevent kids from becoming addicted to the app, as parents suing have alleged. In one case, parents had to lock their son’s iPad in a safe to keep him from using the app after bots allegedly repeatedly encouraged him to self-harm and even suggested murdering his parents. That teen has vowed to start using the app whenever he next has access, while parents fear the bots’ seeming influence may continue causing harm if he follows through on threats to run away.

Character.AI steps up teen safety after bots allegedly caused suicide, self-harm Read More »

report:-at&t,-verizon-aren’t-notifying-most-victims-of-chinese-call-records-hack

Report: AT&T, Verizon aren’t notifying most victims of Chinese call-records hack

Telecom companies aren’t required to notify customers about every breach. A Federal Communications Commission order in December 2023 adopted a “harm-based notification trigger” in which “notification of a breach to consumers is not required in cases where a carrier can reasonably determine that no harm to customers is reasonably likely to occur as a result of the breach, or where the breach solely involves encrypted data and the carrier has definitive evidence that the encryption key was not also accessed, used, or disclosed.”

The FCC said that harm requiring notifications can include, but is not limited to, “financial harm, physical harm, identity theft, theft of services, potential for blackmail, the disclosure of private facts, the disclosure of contact information for victims of abuse, and other similar types of dangers.”

The FCC order argued that the harm-based standard would let carriers “focus their time, effort, and financial resources on the most important and potentially harmful incidents” and protect “customers from over-notification and notice fatigue, specifically in instances where the carrier has reasonably determined that no harm is likely to occur.”

Senator: Telecoms should tell customers

US Sen. Ron Wyden (D-Ore.) this week criticized the carriers for having weak security and the FCC for “let[ting] phone companies write their own cybersecurity rules.” Wyden proposed legislation to beef up telecom security requirements.

A spokesperson for Wyden today said that carriers should notify the affected customers.

“Senator Wyden strongly supports the phone companies notifying their customers about the theft of their data,” the spokesperson told Ars. “Not only do Americans have a right to be told that their information was stolen, but this is useful information that could result in some consumers voting with their wallets and switching service to carriers that retain less data and or have better cybersecurity.”

Stanford University researchers collected and studied telephone metadata for a 2016 paper to determine how it could be used against customers. “Using crowdsourced telephone logs and social networking information, we find that telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences,” they wrote.

Report: AT&T, Verizon aren’t notifying most victims of Chinese call-records hack Read More »

photobucket-opted-inactive-users-into-privacy-nightmare,-lawsuit-says

Photobucket opted inactive users into privacy nightmare, lawsuit says

Photobucket was sued Wednesday after a recent privacy policy update revealed plans to sell users’ photos—including biometric identifiers like face and iris scans—to companies training generative AI models.

The proposed class action seeks to stop Photobucket from selling users’ data without first obtaining written consent, alleging that Photobucket either intentionally or negligently failed to comply with strict privacy laws in states like Illinois, New York, and California by claiming it can’t reliably determine users’ geolocation.

Two separate classes could be protected by the litigation. The first includes anyone who ever uploaded a photo between 2003—when Photobucket was founded—and May 1, 2024. Another potentially even larger class includes any non-users depicted in photographs uploaded to Photobucket, whose biometric data has also allegedly been sold without consent.

Photobucket risks huge fines if a jury agrees with Photobucket users that the photo-storing site unjustly enriched itself by breaching its user contracts and illegally seizing biometric data without consent. As many as 100 million users could be awarded untold punitive damages, as well as up to $5,000 per “willful or reckless violation” of various statutes.

If a substantial portion of Photobucket’s entire 13 billion-plus photo collection is found infringing, the fines could add up quickly. In October, Photobucket estimated that “about half of its 13 billion images are public and eligible for AI licensing,” Business Insider reported.

Users suing include a mother of a minor whose biometric data was collected and a professional photographer in Illinois who should have been protected by one of the country’s strongest biometric privacy laws.

So far, Photobucket has confirmed that at least one “alarmed” Illinois user’s data may have already been sold to train AI. The lawsuit alleged that most users eligible to join the class action likely similarly only learned of the “conduct long after the date that Photobucket began selling, licensing, and/or otherwise disclosing Class Members’ biometric data to third parties.”

Photobucket opted inactive users into privacy nightmare, lawsuit says Read More »

report:-google-told-ftc-microsoft’s-openai-deal-is-killing-ai-competition

Report: Google told FTC Microsoft’s OpenAI deal is killing AI competition

Google reportedly wants the US Federal Trade Commission (FTC) to end Microsoft’s exclusive cloud deal with OpenAI that requires anyone wanting access to OpenAI’s models to go through Microsoft’s servers.

Someone “directly involved” in Google’s effort told The Information that Google’s request came after the FTC began broadly probing how Microsoft’s cloud computing business practices may be harming competition.

As part of the FTC’s investigation, the agency apparently asked Microsoft’s biggest rivals if the exclusive OpenAI deal was “preventing them from competing in the burgeoning artificial intelligence market,” multiple sources told The Information. Google reportedly was among those arguing that the deal harms competition by saddling rivals with extra costs and blocking them from hosting OpenAI’s latest models themselves.

In 2024 alone, Microsoft generated about $1 billion from reselling OpenAI’s large language models (LLMs), The Information reported, while rivals were stuck paying to train staff to move data to Microsoft servers if their customers wanted access to OpenAI technology. For one customer, Intuit, it cost millions monthly to access OpenAI models on Microsoft’s servers, The Information reported.

Microsoft benefits from the arrangement—which is not necessarily illegal—of increased revenue from reselling LLMs and renting out more cloud servers. It also takes a 20 percent cut of OpenAI’s revenue. Last year, OpenAI made approximately $3 billion selling its LLMs to customers like T-Mobile and Walmart, The Information reported.

Microsoft’s agreement with OpenAI could be viewed as anti-competitive if businesses convince the FTC that the costs of switching to Microsoft’s servers to access OpenAI technology is so burdensome that it’s unfairly disadvantaging rivals. It could also be considered harming the market and hampering innovation by seemingly disincentivizing Microsoft from competing with OpenAI in the market.

To avoid any disruption to the deal, however, Microsoft could simply point to AI models sold by Google and Amazon as proof of “robust competition,” The Information noted. The FTC may not buy that defense, though, since rivals’ AI models significantly fall behind OpenAI’s models in sales. Any perception that the AI market is being foreclosed by an entrenched major player could trigger intense scrutiny as the US seeks to become a world leader in AI technology development.

Report: Google told FTC Microsoft’s OpenAI deal is killing AI competition Read More »