Crime

LexisNexis Is Selling Your Personal Data To ICE So It Can Try To Predict Crimes (theintercept.com) 43

An anonymous reader quotes a report from The Intercept: The legal research and public records data broker LexisNexis is providing U.S. Immigration and Customs Enforcement with tools to target people who may potentially commit a crime -- before any actual crime takes place, according to a contract document obtained by The Intercept. LexisNexis then allows ICE to track the purported pre-criminals' movements. The unredacted contract overview provides a rare look at the controversial $16.8 million agreement between LexisNexis and ICE, a federal law enforcement agency whose surveillance of and raids against migrant communities are widely criticized as brutal, unconstitutional, and inhumane.

"The purpose of this program is mass surveillance at its core," said Julie Mao, an attorney and co-founder of Just Futures Law, which is suing LexisNexis over allegations it illegally buys and sells personal data. Mao told The Intercept the ICE contract document, which she reviewed for The Intercept, is "an admission and indication that ICE aims to surveil individuals where no crime has been committed and no criminal warrant or evidence of probable cause." While the company has previously refused to answer any questions about precisely what data it's selling to ICE or to what end, the contract overview describes LexisNexis software as not simply a giant bucket of personal data, but also a sophisticated analytical machine that purports to detect suspicious activity and scrutinize migrants -- including their locations.

The document, a "performance of work statement" made by LexisNexis as part of its contract with ICE, was obtained by journalist Asher Stockler through a public records request and shared with The Intercept. LexisNexis Risk Solutions, a subsidiary of LexisNexis's parent company, inked the contract with ICE, a part of the Department of Homeland Security, in 2021. The document reveals that over 11,000 ICE officials, including within the explicitly deportation-oriented Enforcement and Removal Operations branch, were using LexisNexis as of 2021. "This includes supporting all aspects of ICE screening and vetting, lead development, and criminal analysis activities," the document says. In practice, this means ICE is using software to "automate" the hunt for suspicious-looking blips in the data, or links between people, places, and property. It is unclear how such blips in the data can be linked to immigration infractions or criminal activity, but the contract's use of the term "automate" indicates that ICE is to some extent letting computers make consequential conclusions about human activity. The contract further notes that the LexisNexis analysis includes "identifying potentially criminal and fraudulent behavior before crime and fraud can materialize." (ICE did not respond to a request for comment.)
"LexisNexis Risk Solutions prides itself on the responsible use of data, and the contract with the Department of Homeland Security encompasses only data allowed for such uses," said LexisNexis spokesperson Jennifer Richman. She says the company's work with ICE doesn't violate the law or federal policy.

The Almighty Buck

US Might Finally Force Cable-TV Firms To Advertise Their Actual Prices (arstechnica.com) 67

The Federal Communications Commission (FCC) has proposed new rules to crack down on hidden fees charged by cable and satellite video providers. "My administration's top priority is lowering the cost of living for the middle class, and that includes cracking down on companies' use of junk fees to hide true costs from families, who end up paying more as a result," Biden said in a statement on Tuesday. Ars Technica reports: As Biden noted, the FCC "proposed a new rule that would require cable and satellite TV providers to give consumers the all-in price for the service they're offering up front." The proposed rule would force companies like Comcast, Charter Spectrum, and DirecTV to publish more accurate prices. Biden continued: "Too often, these companies hide additional junk fees on customer bills disguised as 'broadcast TV' or 'regional sports' fees that in reality pay for no additional services. These fees really add up: according to one report, they increase customer bills by nearly 25 percent of the price of base service."

FCC Chairwoman Jessica Rosenworcel first floated pricing transparency rules for the TV services offered by cable and satellite companies in March. That effort took a step forward on Tuesday when the commission approved a Notice of Proposed Rulemaking (NPRM) that seeks public comment on rules that would force video providers to offer accurate prices in advertising. "Consumers who choose a video service based on an advertised monthly price may be surprised by unexpected fees related to the cost of video programming that raise the amount of the bill significantly," the NPRM said. The cable and satellite TV companies' practice of listing "Broadcast TV" and "Regional Sports Network" fees separately from the advertised price "can be potentially misleading and interpreted as a government-imposed tax or fee, instead of a company-imposed service fee increase," and make it hard for customers to compare prices across providers, the FCC said.

The docket is available here, and comments will be accepted for 60 days after the NPRM is published in the Federal Register. The FCC said its proposal "would require cable operators and DBS [direct broadcast satellite] providers to clearly and prominently display the total cost of video programming service." The FCC is also seeking comment on whether it has the authority to impose similar requirements on other types of video providers. But Rosenworcel reportedly said in a congressional hearing that the FCC's authority under US law doesn't extend to streaming services.

Piracy

Korea Will Deploy 'Anti-Piracy AI' After Major Piracy Site Reincarnation (torrentfreak.com) 10

An anonymous reader quotes a report from TorrentFreak: With tens of millions of regular monthly visitors, South Korean piracy site Noonoo TV made powerful enemies. The stand-off reached the boiling point in March when broadcasters formed a new anti-piracy coalition and warned of punishing legal action. Noonoo TV responded by throwing in the towel but after clone site 'Noonoo TV Season 2' appeared online, the government says it will develop an AI anti-piracy system that will stop any 'Season 3' variants in their tracks.

Alongside a promise to work closely with the Ministry of Culture, Sports and Tourism, the Korea Communications Commission, and the National Security Agency to protect 'K' content from unlawful distribution, the Ministry of Science says the time is right to enhance manual work carried out by humans with automated systems better suited to the job. "Since the detection and response to illegal sites is currently centered on manual work based on human resources, to overcome this limitation, we plan to develop technology that can automatically detect and verify new versions and substitute sites," the Ministry said. "Online video service (OTT) content is a precious asset created with the blood and sweat of many people. It's a growth engine that will be responsible for the future of our country, so it is very important for mature citizens to refrain from using these illegal sites."

Businesses

Amazon Faces Senate Probe Over Warehouse Safety (cnbc.com) 34

An anonymous reader quotes a report from CNBC: Amazon's warehouse working conditions, which have come under increased scrutiny in recent years, are now at the heart of a congressional probe being led by Sen. Bernie Sanders of Vermont. In a letter (PDF) to Amazon CEO Andy Jassy, Sanders, who chairs the Senate's Health, Education, Labor and Pensions (HELP) Committee, said the e-retailer's "quest for profits at all costs" has caused warehouse employees to experience unsafe working environments without access to adequate medical attention.

"Amazon is well aware of these dangerous conditions, the life-altering consequences for workers injured on the job, and the steps the company could take to reduce the significant risks of injury," wrote Sanders, an independent who caucuses with the Democratic party. "Yet the company has made a calculated decision not to implement adequate worker protections because Jeff Bezos, Amazon's founder, and you, his successor as Chief Executive Officer, have created a corporate culture that treats workers as disposable."

Sanders called on Jassy to turn over more information related to Amazon's injury and turnover rates, as well as data on its on-site medical clinic, called AMCARE, dating back to 2019. He also asked Jassy to say whether Amazon has, internally or through a third party, examined "the connection between the pace of work of its warehouse workers and the prevalence or cost of injuries at its warehouses." Sanders said Jassy has until July 5 to respond to the inquiry. The HELP committee posted a form on its website seeking testimonials from current and former Amazon employees about their experiences at the company.
An Amazon spokesperson said the company strongly disagrees with Sanders' claims in the letter. "There will always be ways for our critics to splice data to suit their narrative, but the fact is, we've made progress and our numbers clearly show it," said the spokesperson.

Bitcoin

Mastercard Submits Fresh Trademark Application For Crypto Tech (crypto.news) 18

According to a recently discovered patent application, Mastercard plans to develop software optimized for bitcoin and blockchain transactions. The second-largest payment-processing corporation also aims to facilitate crypto-based transactions by reducing connections between virtual asset service providers. Crypto News reports: The trademark application is a fascinating window into Mastercard's plans for the future of digital currency. Details have been revealed about creating a downloadable application programming interface (API) designed to verify transactions inside blockchain networks and ease the handling or trading of cryptocurrency. By standardizing this API software, communication between VASPs may be streamlined and crypto transactions easier. Mastercard wants to set up a platform for financial institutions to exchange customer information to verify compliance. This new step is significant for Mastercard's fast-growing presence in the cryptocurrency sector. The corporation announced its intention to offer a limited number of cryptocurrencies on its network in February 2021.
The Courts

Trial Lawyer Went After Crypto Companies. Then Someone Went After Him. (sfgate.com) 49

Trial lawyer Kyle Roche has led an interesting life, according to the New York Times. He once earned $100 million selling bitcoin. He helped win a case against Craig Wright (who claims to be Bitcoin creator Satoshi Nakamoto) through his law firm Roche Freedman. And Roche also founded a startup that lets people bet on the outcome of (civil) lawsuits, "to make access to justice more affordable."

But something very bad for his career happened in January of 2022 when two businessmen flew Roche from Miami to the U.K. to discuss an investment. When he woke up the next morning, Roche said, he felt groggy... The brain fog was odd because he didn't think he'd had all that much to drink. As he flew back to Miami a few days later, Roche couldn't shake the feeling that something was amiss.

Months passed. Then, one day last summer, Roche's world detonated. A website called Crypto Leaks posted two dozen videos of him that had been secretly recorded during his meetings with Villavicencio and Ager-Hanssen. The videos portrayed Roche and his law firm, Roche Freedman, as being in the pocket of one of their crypto clients [Ava Labs]... In other clips, Roche made it sound like his sole concern, even when representing other clients, was to promote Ava Labs' interests...

One after another, companies that Roche Freedman had sued filed motions to disqualify the firm from their cases. In October, the first of those motions succeeded: A federal judge in New York tossed Roche Freedman from a case it had filed against Tether, the operator of the world's most used "stablecoin." Within days, Roche was forced to resign from the law firm he had founded. With his career in tatters, he said, he enrolled in ethics classes and began to see a therapist.

Roche calls the recorded remarks baseless bluster to impress a prospective investor (and alleges in court there are signs of deep fake alterations). While Roche "was felled by his own loose lips and his overly cozy relationship with a client," the Times reports "he also was the victim of an elaborate international setup." On April 3, 2020, Roche Freedman filed lawsuits seeking class-action status against seven issuers of digital coins, alleging they had pumped what amounted to unregistered securities with false statements and then dumped them, leaving retail investors holding the bag... Those suits were just an opening salvo: Sixteen months later, Roche filed his biggest securities fraud case yet. It alleged that a British entrepreneur, Dominic Williams, and entities he controlled had swindled investors out of billions of dollars by aggressively promoting, and then dumping, a digital coin tied to a grandiose plan to revolutionize computing. Williams had boldly proclaimed that his Internet Computer blockchain — a decentralized network of computers powered by a digital token called ICP — would supplant the big cloud services offered by Amazon and Microsoft and become humanity's primary computing platform. But after an initial surge that briefly made it one of the most valuable cryptocurrencies, ICP had plummeted 92% — a collapse that Roche's lawsuit attributed to "massive" selling by Williams and other insiders. (Williams denied the allegations.)
The Times reports that Roche's prospective investor Ager-Hanssen, "in addition to running his venture capital firm, has long had a sideline digging up dirt on behalf of wealthy clients entangled in business disputes in Britain and Scandinavia. On multiple occasions, he has secretly recorded his targets. For example, in a 2014 interview, he recounted how he had snared the adversary of a Swedish financier with a hidden microphone and boasted that he employed former intelligence officers from the CIA, MI6 and Mossad..." Roche believes them because he thinks he knows who hired Ager-Hanssen: Williams, the British entrepreneur who was the target of Roche Freedman's biggest pump-and-dump lawsuit... On May 12, 2022, Williams wrote on Twitter that he was "coming for" his critics. That was the same day the cryptoleaks.info domain name was registered. Then, on June 9, 2022, the Crypto Leaks website went live. Billing itself as the defender of "the honest crypto community," it posted two reports that aligned with Williams' interests...

The first espoused a complicated theory about the ICP token crash that Williams had previously floated on Twitter. The second attacked the Times for an article it had published about the crash. Williams tweeted a link to that Crypto Leaks report, calling it "Gobsmacking." The Dfinity Foundation, a Swiss nonprofit that Williams created to oversee his blockchain, has since sued the Times for defamation in New York. The Times is seeking to dismiss the suit. The videos of Roche were the crux of Crypto Leaks' third exposé. After they were published, Williams and Dfinity filed a motion to disqualify Roche Freedman as plaintiffs' counsel in the pump-and-dump lawsuit, saying Roche's comments demonstrated "a disregard for the integrity of the judicial system...."

Last month, the judge overseeing the pump-and-dump case granted Williams' motion and disqualified Freedman Normand Friedland as plaintiffs' counsel.

United States

'Plan To Save Downtown San Francisco From Doom Loop Approved by Lawmakers' (sfstandard.com) 233

An anonymous reader shared this report from the nonprofit journalism site, the San Francisco Standard: The San Francisco Board of Supervisors on Tuesday approved legislation that aims to shore up the city's beleaguered Downtown by filling empty storefronts and expediting the conversion of underused office buildings into housing. The bill is a major component of Mayor London Breed's recovery agenda. Co-sponsored by Board President Aaron Peskin, it amends the city's planning code to expand residential uses and Downtown office conversions. It also streamlines the review of certain projects, among other changes...

Even with speedier project approvals, converting San Francisco office buildings to housing remains a costly endeavor; few developers have explored the option to date. At an April 3 hearing of the board's Land Use Committee, lawmakers outlined the need for multiple reforms to make conversions economically feasible; Supervisor Dean Preston voiced concerns that even those reforms would not accommodate low-income housing. Many say San Francisco's Downtown is currently caught in a "doom loop" driven by economic knock-on effects of the pandemic, including an office vacancy rate approaching 30% and trophy office towers changing hands at deep discounts...

The bill passed Tuesday is one of several legislative efforts to aid Downtown and the city's overall economy. Initiatives have included legislation to delay tax increases for retail, food service and other businesses hit hard by the pandemic, an "Office Attraction Tax Credit" for new companies opening in the city and a program called "Vacant to Vibrant," which provides grants to businesses which open "pop-up" shops and art spaces in Downtown's empty storefronts.

The Courts

You're Owed a Little Money From a 2010 Google Class Action Lawsuit (yakimaherald.com) 57

An anonymous reader shared this report from The Penny Hoarder: If you Googled anything between 2006 and 2013, then Google owes you money for violating your privacy. Those are the terms of a class-action lawsuit that Google has settled for $23 million.

How much money does Google owe you? Well, it depends on how many people come forward to claim their share of the settlement. The current estimated payout is about $7.70 per person.

Of course, that number could go up or down before it's all over. If fewer people than expected file claims, the payout amount will go up. But if more people than expected file claims, the payout amount will go down because more people are sharing the settlement money... The deadline to file a claim is July 31...

Basically, the class-action lawsuit alleges that Google Search "improperly shared your search queries with third-party websites and companies" during the time period in question. This has to do with how Google allegedly included your search query in the link that's created whenever you click on a website in a Google search. This involves something called a "referrer header."

Even though Google settled the case, it still denies any wrongdoing or liability. As part of the lawsuit settlement, Google is updating its FAQ page.

Some interesting history from SFGate: The lawsuit was filed in 2010 over allegations that Google shared its users' search terms with third-party websites based on its use of referrer headers, which essentially shows websites how a user found them. In 2015, the case reached an $8.5 million settlement in the Northern District of California, with a vast majority of the settlement going to a collection of internet privacy groups, because the amount allocated for each individual would have been mere pennies. But the case was brought all the way up to the Supreme Court after Ted Frank, a conservative activist and vocal class action suit critic, disputed the settlement being sent to those nonprofit groups instead of the users affected by the suit. In 2019, the case made its way back down to the district court, where the preliminary settlement was approved in 2022...

The final approval hearing for the settlement, which includes whether the class action representatives will receive $5,000 and the representing attorneys will receive 25% of the $23 million sum, is scheduled for Oct. 12.

From the Settlement agreement: If the Settlement becomes final, Settlement Class Members will be releasing Google (and certain others related to Google, such as Google directors, officers and employees) from all of the settled claims. This means that you will no longer be able to sue Google (or the other released parties) regarding any of the settled claims if you are a Settlement Class Member and do not timely and properly exclude yourself from the Settlement Class...


YOUR LEGAL RIGHTS AND OPTIONS IN THIS SETTLEMENT:

FILE A CLAIM BY JULY 31, 2023
This is the only way to get a payment under the Settlement.

DO NOTHING
Get no payment under the Settlement and give up your right to compensation for the claims and allegations in this case.

EXCLUDE YOURSELF BY JULY 31, 2023
Get no payment under the Settlement. This is the only option that allows you to be a part of any other lawsuit against Google about the claims and allegations in this case.

OBJECT BY JULY 31, 2023
Write to the Court about why you think the Settlement should not be approved. You may also ask to speak in Court about the fairness of the Settlement.

Government

Daniel Ellsberg, Who Leaked the Pentagon Papers, Is Dead At 92 (nytimes.com) 23

Daniel Ellsberg, a military analyst who leaked what came to be known as the Pentagon Papers, died on Friday at the age of 92. The cause was pancreatic cancer. The New York Times reports: The disclosure of the Pentagon Papers -- 7,000 government pages of damning revelations about deceptions by successive presidents who exceeded their authority, bypassed Congress and misled the American people -- plunged a nation that was already wounded and divided by the war deeper into angry controversy. It led to illegal countermeasures by the White House to discredit Mr. Ellsberg, halt leaks of government information and attack perceived political enemies, forming a constellation of crimes known as the Watergate scandal that led to the disgrace and resignation of President Richard M. Nixon. And it set up a First Amendment confrontation between the Nixon administration and The New York Times, whose publication of the papers was denounced by the government as an act of espionage that jeopardized national security. The U.S. Supreme Court upheld the freedom of the press.

Mr. Ellsberg was charged with espionage, conspiracy and other crimes and tried in federal court in Los Angeles. But on the eve of jury deliberations, the judge threw out the case, citing government misconduct, including illegal wiretapping, a break-in at the office of Mr. Ellsberg's former psychiatrist and an offer by President Nixon to appoint the judge himself as director of the Federal Bureau of Investigation. "The demystification and de-sanctification of the president has begun," Mr. Ellsberg said after being released. "It's like the defrocking of the Wizard of Oz." The story of Daniel Ellsberg in many ways mirrored the American experience in Vietnam, which began in the 1950s as a struggle to contain communism in Indochina and ended in 1975 with humiliating defeat in a corrosive war that killed more than 58,000 Americans and millions of Vietnamese, Cambodians and Laotians. [...]
Over the years, Ellsberg was mentioned on Slashdot several times. In late 2000, Ellsberg was mentioned in a story about Clinton's veto of what would have been a new law to prevent leaks of classified information.

Ellsberg also expressed his support for WikiLeaks founder Julian Assange in 2010 and called Edward Snowden the "greatest patriot whistleblower of our time."

He was also featured in a Slashdot story for his view on the growing role of internet companies in the public sphere. In 2011, Ellsberg said companies such as Google, Facebook, and Twitter need to take a stand and push back on excessive requests for personal data.

Security

Millions of Americans' Personal Data Exposed in Global Hack (cnn.com) 17

Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday. From a report: The breach has affected 3.5 million Oregonians with driver's licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. The Louisiana governor's office did not put a number on the number of victims but over 3 million Louisianians hold driver's licenses, according to public data. The states did not blame anyone in particular for the hack, but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang. The sweeping hack has likely exposed data at hundreds of organizations across the globe and also compromised multiple US federal agencies, including the Department of Energy, as well as data from major corporations in Britain like the BBC and British Airways. The Russian-speaking hackers that claimed credit are known to demand multimillion-dollar ransoms, though US and state governments say they have not received any demands.
Google

New Google Lawsuit Aims To Curb Fake Business Reviews (reuters.com) 3

Alphabet's Google on Friday sued a Los Angeles man and his companies in San Jose, California federal court, claiming he created hundreds of fake business listings on its platforms and sold them to real businesses to lure in unsuspecting customers. From a report: Fake reviews have been a recurring problem on internet commerce sites. Google said in a statement that it filed the lawsuit against Ethan QiQi Hu to "help put an end to these types of malicious schemes." Google's lawsuit said Hu creates sham businesses that appear in its search engine and Google Maps, using an "elaborate set of props" to verify them on video calls with the tech giant's agents. The lawsuit said Hu keeps a tool bench as a prop to verify fraudulent listings for garage repair, tree cutting and plumbing, and essential oils for verifying fake aromatherapy and reiki therapy businesses. Google said Hu buys thousands of fake positive reviews to make the businesses appear legitimate. He then allegedly sells the profiles as "leads" to real businesses in the same fields, which receive contacts from potential customers who reach out to the fake businesses.
AI

EU Votes To Ban AI In Biometric Surveillance, Require Disclosure From AI Systems 34

European Union officials have voted in favor of stricter regulations on artificial intelligence, including a ban on AI use in biometric surveillance and a requirement for AI systems like OpenAI's ChatGPT to disclose when content is generated by AI. Ars Technica reports: On Wednesday, European Union officials voted to implement stricter proposed regulations concerning AI, according to Reuters. The updated draft of the "AI Act" law includes a ban on the use of AI in biometric surveillance and requires systems like OpenAI's ChatGPT to reveal when content has been generated by AI. While the draft is still non-binding, it gives a strong indication of how EU regulators are thinking about AI. The new changes to the European Commission's proposed law -- which have not yet been finalized -- intend to shield EU citizens from potential threats linked to machine learning technology.

The new draft of the AI Act includes a provision that would ban companies from scraping biometric data (such as user photos) from social media for facial recognition training purposes. News of firms like Clearview AI using this practice to create facial recognition systems drew severe criticism from privacy advocates in 2020. However, Reuters reports that this rule might be a source of contention with some EU countries who oppose a blanket ban on AI in biometric surveillance. The new EU draft also imposes disclosure and transparency measures on generative AI. Image synthesis services like Midjourney would be required to disclose AI-generated content to help people identify synthesized images. The bill would also require that generative AI companies provide summaries of copyrighted material scraped and utilized in the training of each system. While the publishing industry backs this proposal, according to The New York Times, tech developers argue against its technical feasibility.

Additionally, creators of generative AI systems would be required to implement safeguards to prevent the generation of illegal content, and companies working on "high-risk applications" must assess their potential impact on fundamental rights and the environment. The current draft of the EU law designates AI systems that could influence voters and elections as "high-risk." It also classifies systems used by social media platforms with over 45 million users under the same category, thus encompassing platforms like Meta and Twitter. [...] Experts say that after considerable debate over the new rules among EU member nations, a final version of the AI Act isn't expected until later this year.
Security

US Government Agencies Hit In Global Cyberattack (cnn.com) 19

An anonymous reader quotes a report from CNN: Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. The US Cybersecurity and Infrastructure Security Agency "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. "We are working urgently to understand impacts and ensure timely remediation." It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.

Agencies were much quicker Thursday to deny they'd been affected by the hacking than to confirm they were. The Transportation Security Administration and the State Department said they were not victims of the hack. CISA Director Jen Easterly told MSNBC on Thursday that she was "confident" that there will not be "significant impacts" to federal agencies from the hacks because of the government's defensive improvements. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.

The new hacking campaign shows the widespread impact that a single software flaw can have if exploited by skilled criminals. The hackers -- a well-known group whose favored malware emerged in 2019 -- in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Piracy

2 Men Who Helped Run Popular Pirating Website Megaupload Sentenced To Prison in New Zealand (apnews.com) 60

Two men who helped run the once wildly popular pirating website Megaupload were each sentenced by a New Zealand court on Thursday to more than two years in prison. From a report: The sentencing of Mathias Ortmann and Bram van der Kolk ended an 11-year legal battle by the men to avoid extradition to the United States on more serious charges that included racketeering. The men last year struck a deal with prosecutors from New Zealand and the U.S. in which they pleaded guilty to being part of a criminal group and causing artists to lose money by deception. Meanwhile Kim Dotcom, the founder of Megaupload, is continuing to fight the U.S. charges and threat of extradition. He has said he expects his former colleagues to testify against him as part of the deal they struck.

U.S. prosecutors say Megaupload raked in at least $175 million -- mainly from people who used the site to illegally download songs, television shows and movies -- before the FBI shut it down in early 2012 and arrested Dotcom and other company officers. Ortmann was sentenced to 2 years and 7 months while van der Kolk was sentenced to 2 years and 6 months. Each had faced a maximum sentence of 10 years in prison but argued they should be allowed to serve their sentences in home detention.

Government

Texas Bans Kids From Social Media Without Parental Consent (theverge.com) 254

Texas Governor Greg Abbott has signed a bill prohibiting children under 18 from joining various social media platforms without parental consent. Similar legislation has been passed in Utah and Louisiana. The Verge reports: The bill, HB 18, requires social media companies to receive explicit consent from a minor's parent or guardian before they'd be allowed to create their own accounts starting in September of next year. It also forces these companies to prevent children from seeing "harmful" content -- like content related to eating disorders, substance abuse, or "grooming" -- by creating new filtering systems.

Texas' definition of a "digital service" is extremely broad. Under the law, parental consent would be necessary for kids trying to access nearly any site that collects identifying information, like an email address. There are some exceptions, including sites that primarily deliver educational or news content and email services. The Texas attorney general could sue companies found to have violated this law. The law's requirements to filter loosely defined "harmful material" and provide parents with control over their child's accounts mirror language in some federal legislation that has spooked civil and digital rights groups.

Like HB 18, the US Senate-led Kids Online Safety Act orders platforms to prevent minors from being exposed to content related to disordered eating and other destructive behaviors. But critics fear this language could encourage companies like Instagram or TikTok to overmoderate non-harmful content to avoid legal challenges. Overly strict parental controls could also harm kids in abusive households, allowing parents to spy on marginalized children searching for helpful resources online.

Microsoft

Microsoft Now Sells Surface Replacement Parts, Including Displays, Batteries, and SSDs (theverge.com) 18

Microsoft is starting to sell replacement components for its Surface devices. The software giant now supplies replacement parts in the Microsoft Store, allowing Surface owners to replace their displays, batteries, SSDs, and more. From a report: "We are excited to offer replacement components to technically inclined consumers for out-of-warranty, self repair," says Tim McGuiggan, VP of devices services and product engineering at Microsoft. "When purchasing a replacement component, you will receive the part and relevant collateral components (such as screws if applicable)." Tools to help you repair a Microsoft Surface device are sold separately by iFixit, which Microsoft partnered with in 2021 to sell official Surface repair tools. iFixit supplies tools like battery covers to protect against punctures during repair, debonding cradles to help cut the adhesive that holds screen glass in place, and a tool to properly replace a screen.

Businesses

US Judge Temporarily Blocks Microsoft Acquisition of Activision (reuters.com) 40

A U.S. judge has granted the FTC's request to temporarily block Microsoft's acquisition of Activision Blizzard, scheduling a hearing for a preliminary injunction and preventing the deal from closing until a court ruling is made. Reuters reports: U.S. District Judge Edward Davila scheduled a two-day evidentiary hearing on the FTC's request for a preliminary injunction for June 22-23 in San Francisco. Without a court order, Microsoft could have closed on the $69 billion deal as early as Friday. Davila said the temporary restraining order "is necessary to maintain the status quo while the complaint is pending (and) preserve this court's ability to order effective relief in the event it determines a preliminary injunction is warranted and preserve the FTC's ability to obtain an effective permanent remedy in the event that it prevails in its pending administrative proceeding."

Microsoft and Activision must submit legal arguments opposing a preliminary injunction by June 16; the FTC must reply on June 20. Davila said the bar on closing will remain in place until at least five days after the court rules on the preliminary injunction request. The case reflects the muscular approach to antitrust enforcement taken by the administration of U.S. President Joe Biden.

The Almighty Buck

NYC Establishes First Minimum Wage For Food Delivery Workers (gothamist.com) 128

New York City's food delivery workers will be guaranteed a minimum wage for the first time under new regulations announced by Mayor Eric Adams. Gothamist reports: Tens of thousands of delivery workers are slated to make at least $17.96 per hour plus tips by July 12, and at least $19.96 an hour by 2025, city officials said. That's a sharp increase from what delivery workers make now. Many take home less than the city's minimum wage of $15 an hour. The $19.96 hourly rate is less than the $23.82 the Department of Consumer and Worker Protections originally proposed last November -- but is still almost three times more than what delivery workers currently make, according to the city agency.

Sunday's announcement comes after months of back-and-forth between delivery workers, elected officials and app companies over the minimum wage rates. City officials blew past a Jan. 1 deadline set by City Council legislation to establish the new wage rules. Delivery companies, like Uber and DoorDash, argued that the new legislation will force a raise in prices and less schedule flexibility, while some advocates claim these companies are manipulating employees into testifying against the measure. DoorDash spokesperson Eli Scheinholtz said the company was considering litigation against the city over the new pay rules.
"The ones that bring you pizza in the snow, and that Thai food you like in the rain," said Mayor Adams. "This new minimum pay rate will guarantee these workers, and their families, can earn a living. They should not be delivering food to your household, if they can't put food on the plate in their household."

Encryption

Hackers Can Steal Cryptographic Keys By Video-Recording Power LEDs 60 Feet Away (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on. The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm. [...]

On Tuesday, academic researchers unveiled new research demonstrating attacks that provide a novel way to exploit these types of side channels. The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader -- or of an attached peripheral device -- during cryptographic operations. This technique allowed the researchers to pull a 256-bit ECDSA key off the same government-approved smart card used in Minerva. The other allowed the researchers to recover the private SIKE key of a Samsung Galaxy S8 phone by training the camera of an iPhone 13 on the power LED of a USB speaker connected to the handset, in a similar way to how Hertzbleed pulled SIKE keys off Intel and AMD CPUs. Power LEDs are designed to indicate when a device is turned on. They typically cast a blue or violet light that varies in brightness and color depending on the power consumption of the device they are connected to.

There are limitations to both attacks that make them unfeasible in many (but not all) real-world scenarios (more on that later). Despite this, the published research is groundbreaking because it provides an entirely new way to facilitate side-channel attacks. Not only that, but the new method removes the biggest barrier holding back previously existing methods from exploiting side channels: the need to have instruments such as an oscilloscope, electric probes, or other objects touching or being in proximity to the device being attacked. In Minerva's case, the device hosting the smart card reader had to be compromised for researchers to collect precise-enough measurements. Hertzbleed, by contrast, didn't rely on a compromised device but instead took 18 days of constant interaction with the vulnerable device to recover the private SIKE key. To attack many other side channels, such as the one in the World War II encrypted teletype terminal, attackers must have specialized and often expensive instruments attached or near the targeted device. The video-based attacks presented on Tuesday reduce or completely eliminate such requirements. All that's required to steal the private key stored on the smart card is an Internet-connected surveillance camera that can be as far as 62 feet away from the targeted reader. The side-channel attack on the Samsung Galaxy handset can be performed by an iPhone 13 camera that's already present in the same room.
Videos here and here show the video-capture process of a smart card reader and a Samsung Galaxy phone, respectively, as they perform cryptographic operations. "To the naked eye, the captured video looks unremarkable," adds Ars.

"But by analyzing the video frames for different RGB values in the green channel, an attacker can identify the start and finish of a cryptographic operation."

Government

Microsoft Is Bringing OpenAI's GPT-4 AI Model To US Government Agencies (bloomberg.com) 8

Microsoft will make it possible for users of its Azure Government cloud computing service, which include a variety of US agencies, to access artificial intelligence models from ChatGPT creator OpenAI. From a report: Microsoft, which is the largest investor in OpenAI and uses its technology to power its Bing chatbot, plans to announce Wednesday that Azure Government customers can now use two of OpenAI's large language models: The startup's latest and most powerful model, GPT-4, and an earlier one, GPT-3, via Microsoft's Azure OpenAI service.

The Redmond, Washington-based company plans Wednesday to release a blog post, viewed by Bloomberg, about the program, although it doesn't name specific US agencies expected to use the large language models at launch. The Defense Department, the Energy Department and NASA are among the federal government customers of Azure Government. The Defense Technical Information Center -- a part of the Defense Department that focuses on gathering and sharing military research -- will be experimenting with the OpenAI models through Microsoft's new offering, a DTIC official confirmed.
