Technology

Google Wallet for Android Now Supports Digital IDs (arstechnica.com) 31

Google Wallet on Android is finally getting ready for your digital driver's license and other US state IDs. Google says the feature is rolling out this month, and it will slowly start bringing states online this year. From a report: Of course, your state has to be one of the few that actually supports digital IDs. Google says Maryland residents can use the feature right now and that "in the coming months, residents of Arizona, Colorado and Georgia will join them." The road to digital driver's license support has been a long one, with the "Identity Credential API" landing in Android 11 back in 2020. Since then it has technically been possible for states to make their own ID app.

Now Google Wallet, Google's re-re-reboot of its payment app, is providing a first-party way to store an ID on your phone. Some parts of the Identity Credential API landed in Google Play Services (Google's version-agnostic brick of APIs), so Wallet supports digital IDs going back to Android 8.0, which covers about 90 percent of Android devices. Maryland has supported Digital IDs on iOS for a while, which gives us an idea of how this will work. An NFC transfer is enough to beam your credentials to someone, where you can just tap against a special NFC ID terminal and confirm the transfer with your fingerprint. Wallet has an NFC option, along with a "Show code" option that will show the traditional driver's license barcode.

The Courts

Getty Asks London Court To Stop UK Sales of Stability AI System (reuters.com) 29

Stock photo provider Getty Images has asked London's High Court for an injunction to prevent artificial intelligence company Stability AI from selling its AI image-generation system in Britain, court filings show. From a report: The Seattle-based company accuses the company of breaching its copyright by using its images to "train" its Stable Diffusion system, according to the filing dated May 12. Stability AI has yet to file a defence to Getty's lawsuit, but filed a motion to dismiss Getty's separate U.S. lawsuit last month. It did not immediately respond to a request for comment.
The Courts

Airbnb Sues NYC Over Limits On Short-Term Rentals (nytimes.com) 88

Airbnb has sued New York City in an attempt to overturn strict new regulations that restrict short-term rentals, claiming that the rules are "extreme and oppressive." The New York Times reports: A new law, passed by the city in 2021, sought to prevent illegal short-term rentals by requiring hosts to register with the city. Short-term rentals -- for fewer than 30 consecutive days -- have largely been barred if hosts are not present, according to state law, though the city and Airbnb have disagreed about how expansive such prohibitions and other complicated city codes should be. The city said it would start enforcing the law in July.

In the lawsuit filed on Thursday, Airbnb called the new scheme "extreme and oppressive" and said it clashes with a federal law that has shielded many tech platforms from liability for content posted by its users. Three Airbnb hosts also filed similar lawsuits, arguing that the rules were so complicated that nearly all hosts, even those who intended to be present when guests were around, would be unable to use the platform. The city said it was reviewing the lawsuit.
"This administration is committed to protecting safety and community livability for residents, preserving permanent housing stock, and ensuring our hospitality sector can continue to recover and thrive," Jonah Allon, a spokesman for the mayor, said in a statement.
Power

US Announces $46 Million In Funds To Eight Nuclear Fusion Companies (reuters.com) 111

The US Department of Energy has announced that eight American companies working on nuclear fusion energy will receive $46 million in government funding to pursue pilot plants aimed at generating power from fusion reactions. Reuters reports: The Energy Department's Milestone-Based Fusion Development Program hopes to help develop pilot-scale demonstration of fusion within a decade. "The Biden-Harris Administration is committed to partnering with innovative researchers and companies across the country to take fusion energy past the lab and toward the grid," Energy Secretary Jennifer Granholm said in a release. The awardees are: Commonwealth Fusion Systems, Focused Energy Inc, Princeton Stellarators Inc, Realta Fusion Inc, Tokamak Energy Inc, Type One Energy Group, Xcimer Energy Inc, and Zap Energy Inc

The funding, which comes from the Energy Act of 2020, is for the first 18 months. Projects may last up to five years, with future funding contingent on congressional appropriations and progress from the companies in meeting milestones.

Looking to launch fusion plants that use lasers or magnets, private companies and government labs spent $500 million on their supply chains last year, according to a Fusion Industry Association (FIA) survey. They plan to spend about $7 billion by the time their first plants come online, and potentially trillions of dollars mainly on high-grade steel, concrete and superconducting wire in a mature industry, estimated to be sometime between 2035 and 2050, the survey said.

Government

New Report Says American Government Agencies Are Using Malware Similar To Banned Pegasus Spyware (digitalinformationworld.com) 77

A new report has revealed that a government agency in the US, namely the Drug Enforcement Agency (DEA), is allegedly using a spyware called Paragon Graphite that shares similarities with the notorious Pegasus spyware. From a report: Pegasus was sold off to the government and other law firms. Moreover, we saw the firm making plenty of purchases through the likes of hackers. The software tends to give in to exploitation that can be achieved through zero clicks, all thanks to the great skill of hackers. Moreover, such software can produce its target without any interaction. [...] New reports by the Financial Times stated how the American Government makes use of this technology as it can pierce all sorts of protections linked to modern-day smart devices. Similarly, it can evade various forms of encryption for messaging applications such as WhatsApp and harvest data thanks to the likes of cloud backups. And yes, it's very similar to its counterpart Pegasus in this ordeal.

For now, the DEA is awfully hushed on the matter and not releasing any more comments on this situation. But it did reveal how its agency ended up purchasing Graphite to be used by agencies in Mexico so they could curb the drug cartel situation.
"According to four [industry figures], the US Drug Enforcement and Administration Agency is among the top customers for Paragon's signature product nicknamed Graphite," reports the Financial Times. "The malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like Signal or WhatsApp, sometimes harvesting the data from cloud backups -- much like Pegasus does."

The report adds: "Congressman Adam Schiff, the chair of the House Intelligence Committee, wrote to the DEA in December asking for more details on the purchase. Mexico is among the worst abusers of NO's Pegasus which it bought nearly a decade ago.

Schiff wrote: "such use [of spyware] could have potential implications for US national security, as well as run contrary to efforts to deter the broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them."
Facebook

Meta Threatens To Yank News Content From California Over Payments Bill (reuters.com) 68

Meta announced that it would remove news content from its platform in California if the state government passes legislation requiring tech companies to pay publishers. Reuters reports: The proposed California Journalism Preservation Act would require "online platforms" to pay a "journalism usage fee" to news providers whose work appears on their services, aimed at reversing a decline in the local news sector. In a tweeted statement, Meta spokesman Andy Stone called the payment structure a "slush fund" and said the bill would primarily benefit "big, out-of-state media companies under the guise of aiding California publishers."

The statement was Meta's first on the California bill specifically, although the company has been waging similar battles over compensation for news publishers at the federal level and in countries outside the United States.

Privacy

Amazon To Pay $30 Million For Alexa, Ring Privacy Violations (reuters.com) 16

Amazon and its subsidiary, Ring, have agreed to separate multi-million dollar settlements with the U.S. Federal Trade Commission (FTC) over privacy violations involving children's use of Alexa and homeowners' use of Ring doorbell cameras. Amazon will pay $25 million for failing to delete Alexa recordings as requested by parents and for keeping them longer than necessary, while Ring will pay $5.8 million for mishandling customers' videos. Reuters reports: "While we disagree with the FTC's claims regarding both Alexa and Ring, and deny violating the law, these settlements put these matters behind us," Amazon.com said in a statement. It also pledged to make some changes to its practices.

In its complaint against Amazon.com filed in Washington state, the FTC said that it violated rules protecting children's privacy and rules against deceiving consumers who used Alexa. For example, the FTC complaint says that Amazon told users it would delete voice transcripts and location information upon request, but then failed to do so.

The FTC also said Ring gave employees unrestricted access to customers' sensitive video data said "as a result of this dangerously overbroad access and lax attitude toward privacy and security, employees and third-party contractors were able to view, download, and transfer customers' sensitive video data for their own purposes." As part of the FTC agreement with Ring, which spans 20 years, Ring is required to disclose to customers how much access to their data the company and its contractors have.

Security

Ransomware Attack On US Dental Insurance Giant Exposes Data of 9 Million Patients (techcrunch.com) 18

An anonymous reader quotes a report from TechCrunch: An apparent ransomware attack on one of America's largest dental health insurers has compromised the personal information of almost nine million individuals in the United States. The Atlanta-based Managed Care of North America (MCNA) Dental claims to be the largest dental insurer in the nation for government-sponsored plans covering children and seniors. In a notice posted on Friday, the company said it became aware of "certain activity in our computer system that happened without our permission" on March 6 and later learned that a hacker "was able to see and take copies of some information in our computer system" between February 26 and March 7, 2023.

The information stolen includes a trove of patients' personal data, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver's licenses or other government-issued ID numbers. Hackers also accessed patients' health insurance data, including plan information and Medicaid ID numbers, along with bill and insurance claim information. In some cases, some of this data pertained to a patient's "parent, guardian, or guarantor," according to MCNA Dental, suggesting that children's personal data was accessed during the breach. According to a data breach notification filed with Maine's attorney general, the hack affected more than 8.9 million clients of MCNA Dental. That makes this incident the largest breach of health information of 2023 so far, after the PharMerica breach that saw hackers access the personal data of almost 6 million patients.
The LockBit ransomware group took responsibility for the cyberattack and published 700GB of files after the company refused to pay a $10 million ransom demand.
Your Rights Online

California Senate Passes 'Right to Repair Act' 42

The California state Senate passed Sen. Susan Eggman's (Stockton) Right to Repair Act (SB 244) on Tuesday with a 38-0, bipartisan vote. From a report: It's the furthest a Right to Repair bill has advanced in the state. The bill would significantly expand consumers' and independent repair shops' access to the necessary parts, tools and service information required for repairing consumer electronics and appliances. "This is a huge victory for anyone who's ever been faced with limited options when their phone, fridge or other household electronics break down," said CALPIRG State Director Jenn Engstrom. "It's due time that California fixed its laws so that we can fix our stuff. For the hundreds of advocates and repair businesses and the untold number of consumers supporting Right to Repair, we're one huge step closer to making that happen."

Advocates have been pushing for Right to Repair legislation in California for 5 years. Similar bills have died in the Senate Appropriations Committee the past two years after intense industry lobbying efforts against their passage. But public support for the Right to Repair in the state has grown amid a swell of national momentum. New York, Colorado and Minnesota have all passed their own Right to Repair laws in the past year.
The Courts

Supreme Court Declines To Hear Bid To Sue Reddit Over Child Porn (reuters.com) 99

An anonymous reader quotes a report from Reuters: The U.S. Supreme Court on Tuesday declined to hear a bid by child pornography victims to overcome a legal shield for internet companies in a case involving a lawsuit accusing Reddit Inc of violating federal law by failing to rid the discussion website of this illegal content. The justices turned away the appeal of a lower court's decision to dismiss the proposed class action lawsuit on the grounds that Reddit was shielded by a U.S. statute called Section 230, which safeguards internet companies from lawsuits for content posted by users but has an exception for claims involving child sex trafficking. The Supreme Court on May 19 sidestepped an opportunity to narrow the scope of Section 230 immunity in a separate case.

Section 230 of the Communications Decency Act of 1996 protects "interactive computer services" by ensuring they cannot be treated as the "publisher or speaker" of information provided by users. The Reddit case explored the scope of a 2018 amendment to Section 230 called the Fight Online Sex Trafficking Act (FOSTA), which allows lawsuits against internet companies if the underlying claim involves child sex trafficking. Reddit allows users to post content that is moderated by other users in forums called subreddits. The case centers on sexually explicit images and videos of children posted to such forums by users. The plaintiffs -- the parents of minors and a former minor who were the subjects of the images -- sued Reddit in 2021 in federal court in California, seeking monetary damages. The plaintiffs accused Reddit of doing too little to remove or prevent child pornography and of financially benefiting from the illegal posts through advertising in violation of a federal child sex trafficking law.

The San Francisco-based 9th U.S. Circuit Court of Appeals in 2022 concluded that in order for the exception under FOSTA to apply, plaintiffs must show that an internet company "knowingly benefited" from the sex trafficking through its own conduct. Instead, the 9th Circuit concluded, the allegations "suggest only that Reddit 'turned a blind eye' to the unlawful content posted on its platform, not that it actively participated in sex trafficking." Reddit said in court papers that it works hard to find and prevent the sharing of child sexual exploitation materials on its platform, giving all users the ability to flag posts and using dedicated teams to remove illegal content.

Electronic Frontier Foundation

Federal Judge Makes History In Holding That Border Searches of Cell Phones Require a Warrant (eff.org) 79

In a groundbreaking ruling, a district court judge in New York, United States v. Smith (S.D.N.Y. May 11, 2023), declared that a warrant is necessary for cell phone searches at the border, unless there are urgent circumstances. The Electronic Frontier Foundation (EFF) reports: The Ninth Circuit in United States v. Cano (2019) held that a warrant is required for a device search at the border that seeks data other than "digital contraband" such as child pornography. Similarly, the Fourth Circuit in United States v. Aigbekaen (2019) held that a warrant is required for a forensic device search at the border in support of a domestic criminal investigation. These courts and the Smith court were informed by Riley v. California (2014). In that watershed case, the Supreme Court held that the police must get a warrant to search an arrestee's cell phone. [...]

The Smith court's application of Riley's balancing test is nearly identical to the arguments we've made time and time again. The Smith court also cited Cano, in which the Ninth Circuit engaged extensively with EFF's amicus brief even though it didn't go as far as requiring a warrant in all cases. The Smith court acknowledged that no federal appellate court "has gone quite this far (although the Ninth Circuit has come close)."

We're pleased that our arguments are moving through the federal judiciary and finally being embraced. We hope that the Second Circuit affirms this decision and that other courts -- including the Supreme Court -- are courageous enough to follow suit and protect personal privacy.

Education

Student Loan Payment Pause 'Gone' Under Debt Ceiling Deal 399

Longtime Slashdot reader theodp writes: House Speaker Kevin McCarthy (R-CA) said on Sunday that the student loan payment pause is "gone" in the debt ceiling deal announced by the California Republican and President Biden late Saturday night. "The pause is gone within 60 days of this being signed. So that is another victory because that brings in $5 billion each month to the American public," McCarthy told Fox News on Sunday. McCarthy's remarks came after he and Biden came to an agreement in principle late Saturday to cap spending and raise the debt ceiling.

"What the president did, he went unconstitutionally and said he was going to waive certain people part of their debt for student loan, but then he paused everybody's student loan. So everybody who borrowed a student loan within 60 days of the signing is going to have to pay that back," McCarthy added. "The Supreme Court is taking up that case. But if the Supreme Court came back and said that was unconstitutional, the president could still say he's pausing, not waiving it. But now that this is in law, the Supreme Court decision will have to be upheld, that they would have to pay."

Earlier this month, the NY Times warned students and their families to "Expect Interest Rates on Federal Student Loans to Rise" to as high as 8.05% for new PLUS loans this fall. That news came as Apple, just days after a recent $90 billion share buyback, filed a prospectus with the SEC for a new $5 billion bond program with longer-term bonds expected to have a coupon rate of approximately 5%. The imbalance between loan rates for students and Apple shareholders was actually far more pronounced before the Fed fund rate hikes started last year in response to inflation. During the pandemic, Apple -- which reported around $166.3 billion in cash and investments on its balance sheet as of March 31 -- held a bond sale worth $14 billion for stock buybacks and dividends to benefit from borrowing rates as low as 0.70%. Direct PLUS student loan rates at that time were down to 5.30% for new loans but as high as 8.5% for existing loans (the U.S. Dept. of Education does not offer refinancing of its up-to-30-year fixed rate loans in times of much lower interest rates). Unlike the tax-deductible interest Apple pays, annual deductions on student loan interest are capped by the IRS at $2,500 (or lower, depending on the borrower's income).

Despite presumably benefiting from stock buybacks and dividends facilitated by Apple's low-interest bonds -- some of which carry rates as much as 90%+ lower than certain federal student loans -- some of the Senators identified as Apple shareholders by NBCLX are vehemently opposed to the idea of student loan relief for high interest-paying borrowers. Senator Shelley Capito (R-WV) opposes the program as "not fair", Senator Pat Toomey (R-PA) called it "grossly unfair", and other Apple-shareholder Senators joined (PDF) colleagues in a Supreme Court filing calling student loan relief "unnecessary".
Biotech

Theranos CEO Elizabeth Holmes Begins 11-Year Prison Sentence (bbc.com) 77

Disgraced Theranos founder Elizabeth Holmes has begun her 11-year prison sentence after being convicted of four counts of fraud. The BBC reports: She will serve her term in a minimum-security prison in Texas. Holmes reported to the federal facility in Bryan, Texas, which holds between 500 and 700 inmates at any given time, on Tuesday. It is about 100 miles (160km) north of Houston, her hometown. Her arrival at the facility was confirmed by the Federal Bureau of Prisons, which declined to give any more details about her confinement, citing privacy concerns.

There, the woman once billed as the world's youngest self-made billionaire might work alongside other inmates for between 12 cents (10p) and $1.15 (93p) an hour - much of which will go towards her court-mandated restitution payments. [...] The Texas prison camp where Holmes will serve time is a sprawling 37-acre facility. Most inmates there have been convicted of non-violent crimes, low-level drug dealing or white-collar offenses. According to the facility's handbook, life largely revolves around work and extracurricular activities that include foreign language, computer literacy or business courses.

Holmes had fought to stay out of prison while her legal appeal works its way through the courts. She argued a delay would allow her to raise "substantial questions" about the case that could warrant a new trial. Her defense team also argued that she should remain free to care for her children, one who is nearly two and the other three months old. The Wall Street Journal reported the prison has facilities where inmates can host gatherings and where children can play. Holmes and other mothers are allowed to hold their children in their lap and breastfeed their infants, according to official Bureau of Prison guidelines.

The Courts

Lawyer Cited 6 Fake Cases Made Up By ChatGPT; Judge Calls It 'Unprecedented' (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: A lawyer is in trouble after admitting he used ChatGPT to help write court filings that cited six nonexistent cases invented by the artificial intelligence tool. Lawyer Steven Schwartz of the firm Levidow, Levidow, & Oberman "greatly regrets having utilized generative artificial intelligence to supplement the legal research performed herein and will never do so in the future without absolute verification of its authenticity," Schwartz wrote in an affidavit (PDF) on May 24 regarding the bogus citations previously submitted in US District Court for the Southern District of New York.

Schwartz wrote that "the use of generative artificial intelligence has evolved within law rms" and that he "consulted the artificial intelligence website ChatGPT in order to supplement the legal research performed." The "citations and opinions in question were provided by ChatGPT which also provided its legal source and assured the reliability of its content," he wrote. Schwartz admitted that he "relied on the legal opinions provided to him by a source that has revealed itself to be unreliable," and stated that it is his fault for not confirming the sources provided by ChatGPT. Schwartz didn't previously consider the possibility that an artificial intelligence tool like ChatGPT could provide false information, even though AI chatbot mistakes have been extensively reported by non-artificial intelligence such as the human journalists employed by reputable news organizations. The lawyer's affidavit said he had "never utilized ChatGPT as a source for conducting legal research prior to this occurrence and therefore was unaware of the possibility that its content could be false."

Federal Judge Kevin Castel is considering punishments for Schwartz and his associates. In an order on Friday, Castel scheduled a June 8 hearing at which Schwartz, fellow attorney Peter LoDuca, and the law firm must show cause for why they should not be sanctioned. "The Court is presented with an unprecedented circumstance," Castel wrote in a previous order on May 4. "A submission filed by plaintiff's counsel in opposition to a motion to dismiss is replete with citations to non-existent cases... Six of the submitted cases appear to be bogus judicial decisions with bogus quotes and bogus internal citations." [...] In the order issued on Friday last week, Castel said that Schwartz may be sanctioned for "the citation of non-existent cases to the Court," "the submission to the Court of copies of non-existent judicial opinions," and "the use of a false and fraudulent notarization." Schwartz may also be referred to an attorney grievance committee for additional punishment.
Castel wrote that LoDuca may be sanctioned "for the use of a false and fraudulent notarization in his affidavit filed on April 25, 2023." The law firm could be sanctioned for "the citation of non-existent cases to the Court," "the submission to the Court of copies of non-existent judicial opinions annexed to the Affidavit filed on April 25, 2023," and "the use of a false and fraudulent notarization in the affidavit filed on April 25, 2023."
Piracy

Men Behind UK's Largest Pirate Service Jailed For 30+ Years (torrentfreak.com) 52

TorrentFreak: Five men behind pirate IPTV service 'Flawless' were sentenced to more than 30 years in prison today, after a private prosecution by the Premier League. A FACT test purchase in 2017 led to the involvement of four territorial police forces, three regional Trading Standards units, and the arrest of service kingpin, Mark Gould, in 2018. In less than two years, Flawless served over 50,000 UK households while generating millions in revenue.
Privacy

RaidForums User Data Leaked Online a Year After DOJ Takedown (techcrunch.com) 1

A database containing the details of almost half-a-million RaidForums users has leaked online, a year after the U.S. Department of Justice seized the notorious cybercrime forum. From a report: The leaked database was posted on Exposed, described by security researchers as an up-and-coming forum "wanting to fill the void" left by the recent BreachForums shutdown. An Exposed admin, known as "Impotent," posted the alleged RaidForums user data, which includes the details of 478,000 users, including their usernames, email addresses, hashed passwords and registration dates. "All of the users that were on raidforums may have been infected," the admin's post says. RaidForums had around 550,000 users at the time of its shutdown last year. The admin added that some users' details have been removed from the leak, though it's unclear how many or the reasoning behind this.
China

After Being Wrongfully Accused of Spying for China, Professor Wins Appeal To Sue the Government 89

Xiaoxing Xi, a Temple University professor who was falsely accused of spying for China, will be able to bring a lawsuit against the Federal Bureau of Investigation. From a report: A judge at a federal appeals court ruled in favor of Xi on Wednesday, allowing the physicist to move forward with his case against the U.S. government for wrongful prosecution and violating his family's constitutional rights by engaging in unlawful search, seizure and surveillance. The decision comes after FBI agents swarmed Xi's Philadelphia home in 2015, rounded up his family at gunpoint, and arrested him on fraud charges related to economic espionage, before abruptly dropping the charges months afterward.

"I'm very, very glad that we can finally put the government under oath to explain why they decided to do what they did, violating our constitutional rights," Xi said in an exclusive interview with NBC News. "We finally have an opportunity to hold them accountable." The case will now be kicked back to the district court, continuing a long legal battle. Xi, who's represented in part by the American Civil Liberties Union, attempted to bring a suit against the government in 2017, alleging that FBI agents "made knowingly or recklessly false statements" to support their investigation and prosecution. Xi also claimed that his arrest was discriminatory, and that he was targeted due to his ethnicity, much like other scholars of Chinese descent. A district court dismissed his case in 2021, but Xi appealed the decision last year.
Government

Automakers Ask Judge to Block Pending Enforcement of Massachusetts' Right-to-Repair Law (bostonglobe.com) 64

"Beginning next Thursday, Massachusetts Attorney General Andrea Joy Campbell plans to start enforcing the state's automotive right-to-repair law," reports the Boston Globe. "But this week, the world's top automakers asked a federal judge to stop her." The Alliance for Automotive Innovation, a car industry trade group, sued to block enforcement of the law almost from the moment it was passed by voter referendum in 2020. Ever since, the law has been tied up in the courtroom of US District Judge Douglas Woodlock. Now the alliance has asked Woodlock to grant a temporary injunction that would stop Campbell from enforcing the law until he issues a final ruling in the case.

Campbell's predecessor, now-Governor Maura Healey, repeatedly refrained from enforcing the law, pending Woodlock's decision. But Healey always reserved the right to reverse this policy if a ruling took too long. In March, Campbell said she would start enforcing the law effective June 1. "The people of Massachusetts deserve the benefit of the law they approved more than two years ago," she said in a document filed with the court.

But the carmakers say that only the federal government has the authority to enact such a law. They claim the law is so poorly drafted that they can't comply with it, and even if they could, compliance would weaken vehicle security, making it easier for cyber criminals to steal digital data about vehicles and their owners. Two carmakers, Kia and Subaru, have tried to comply with the law by switching off the telematic services in their cars. But the carmakers argue that this deprives consumers of the right to use these features, which include emergency roadside assistance that could potentially save lives.

Slashdot Top Deals