AI

Thomson Reuters Wins First Major AI Copyright Case In the US

An anonymous reader quotes a report from Wired: Thomson Reuters has won the first major AI copyright case in the United States. In 2020, the media and technology conglomerate filed an unprecedented AI copyright lawsuit against the legal AI startup Ross Intelligence. In the complaint, Thomson Reuters claimed the AI firm reproduced materials from its legal research firm Westlaw. Today, a judge ruled (PDF) in Thomson Reuters' favor, finding that the company's copyright was indeed infringed by Ross Intelligence's actions. "None of Ross's possible defenses holds water. I reject them all," wrote US District Court of Delaware judge Stephanos Bibas, in a summary judgement. [...] Notably, Judge Bibas ruled in Thomson Reuters' favor on the question of fair use.

The fair use doctrine is a key component of how AI companies are seeking to defend themselves against claims that they used copyrighted materials illegally. The idea underpinning fair use is that sometimes it's legally permissible to use copyrighted works without permission -- for example, to create parody works, or in noncommercial research or news production. When determining whether fair use applies, courts use a four-factor test, looking at the reason behind the work, the nature of the work (whether it's poetry, nonfiction, private letters, et cetera), the amount of copyrighted work used, and how the use impacts the market value of the original. Thomson Reuters prevailed on two of the four factors, but Bibas described the fourth as the most important, and ruled that Ross "meant to compete with Westlaw by developing a market substitute."
"If this decision is followed elsewhere, it's really bad for the generative AI companies," says James Grimmelmann, Cornell University professor of digital and internet law.

Chris Mammen, a partner at Womble Bond Dickinson who focuses on intellectual property law, adds: "It puts a finger on the scale towards holding that fair use doesn't apply."
Electronic Frontier Foundation

Aaron Swartz Sculpture's Unveiling at Internet Archive Attended by 300 (sfstandard.com)

"The Internet's Own Boy" was inscribed below the bust, according to the San Francisco Standard, adding that the 312-pound marble statue "was crafted using a mix of AI-driven robotic milling and traditional hand carving."

It was unveiled Friday at the Internet Archive auditorium for a crowd of around 300 people. "Aaron's legacy is bringing people together to make change," said Cindy Cohn, the executive director of the Electronic Frontier Foundation. "There's a renaissance happening now in Aaron Swartz-land," said Lisa Rein, the co-founder of Creative Commons, a nonprofit devoted to expanding public access to information. She founded Aaron Swartz Day in 2013, an annual hackathon and tribute held on his birthday. There's now an Aaron Swartz Institute in Brazil, a documentary, multiple books and podcasts — even an Aaron Swartz memecoin ("Do not buy," she warned).

"It's great that people idolize him as long as they get the story right: He was not a martyr," Rein said, her eyes welling with tears. "He stood for freedom of access to information, especially for scientific research — things the public had already paid for."

The evening included a number of video tributes, which Rein played on a large screen behind the stage. They included commentary from science fiction author Cory Doctorow, members of the Aaron Swartz Institute in Brazil, and Cindy Cohn, the executive director of the Electronic Frontier Foundation... Emmett Shear, the former CEO of Twitch and a partner at Y Combinator, was one of the few people who knew Swartz personally. "I'm glad he's become a symbol, he would approve of that," he shared, his voice slightly breaking. "I really miss him."

Starting next week, the bust will be moved to the [Internet Archive] lobby, where it will remain until Peniche secures a permit to place it in a local park [said Evan Sirchuk, the Internet Archive's community and events coordinator]... "Aaron really means something to the San Francisco community," [Rein said]. "He can keep inspiring generations — even the ones who weren't alive when he was."

Tech blogger John Gruber thinks Swartz would appreciate that the bust came from people "aligned with Aaron's own righteous obsessions." But at the same time "I think he'd be a little weirded out. He wasn't a 'I hope they erect a larger-than-life statue of me' sort of guy.

"And if he had been, we wouldn't have loved him like we did. It's just a terrible thing that we lost him so young."
Crime

California Tech Founder Admits to Defrauding $4M For His Luxury Lifestyle (sfgate.com)

The tech startup "purported to make smart home and business products," writes America's Justice Department — products that were "meant to stop package theft, prevent weather damage to packages, and make it easier for emergency responders and delivery services to find homes and businesses." Royce Newcomb "developed prototypes of his products and received local and national media attention for them. For example, Time Magazine included his eLiT Address Box & Security System, which used mobile networks to pinpoint home and business locations, on its Best Inventions of 2021 list."

But then he told investors he'd also received a grant by the National Science Foundation — one of "several false representations to his investors to deceive and cheat them out of their money... Newcomb used the money to pay for gambling, a Mercedes and Jaguar, and a mansion." He also used the money to pay for refunds to other investors who wanted out, and to pay for new, unrelated projects without the investors' authorization. During this period, Newcomb also received a fraudulent COVID-19 loan for more than $70,000 from the Small Business Administration and fraudulent loans for more than $190,000 from private lenders. He lied about Strategic Innovations having hundreds of thousands and even millions in revenue to get these loans.

Newcomb was previously convicted federally in 2011 for running a real estate fraud scheme in Sacramento. He was sentenced to more than five years in prison for that offense, and he was on federal supervised release for that offense when he committed the offenses charged in this case... Newcomb faces maximum statutory penalties of 20 years in prison and a $250,000 fine for the wire fraud charge, and 10 years in prison and a $250,000 fine for the money laundering charge...

This effort is part of a California COVID-19 Fraud Enforcement Strike Force operation, one of five interagency COVID-19 fraud strike force teams established by the U.S. Department of Justice.

SFGate writes that "Despite receiving significant funding, his startup, Strategic Innovations, never made a dime or released any products to market, according to legal documents." The owner of a California tech startup has pleaded guilty to stealing over $4 million from investors, private lenders and the U.S. government in order to live a luxurious lifestyle, the United States Attorney's Office announced Monday... When investors asked about product delays and when they'd be paid back, Newcomb made excuses and provided conflicting info, telling them that there were supply chain issues or software problems, according to the indictment. In reality, federal prosecutors said, he was using the money to travel and continue to make these lavish personal expenses.
Bitcoin

El Salvador Congress Votes to Revoke Bitcoin's 'Legal Currency' Status (reason.com)

After finalizing loan terms with the IMF, El Salvador's Legislative Assembly approved changes to the country's Bitcoin Law last week by a 55-2 vote, "effectively removing bitcoin's status as legal currency," reports Reason. Under the new rules, bitcoin is no longer considered "currency," though it remains "legal tender." Another change makes using bitcoin entirely voluntary. (Previously, the law mandated that businesses accept bitcoin for any goods or services they provided.) Additionally, bitcoin can no longer be used to pay taxes or settle government debts. The government is also stepping back from its involvement in Chivo Wallet, the state-backed digital wallet...

The reforms come as part of a broader financial agreement between Bukele and the International Monetary Fund (IMF). One of the conditions for a proposed $1.4 billion Extended Fund Facility loan was that El Salvador mitigate "potential risks of the Bitcoin project." The IMF has been critical of the country's crypto policies since Bukele made bitcoin legal tender in 2021. "There are large risks associated with using Bitcoin as legal tender, especially given the high volatility of its price. We don't recommend it," the organization said in 2022.

Despite these changes, the administration insists it remains committed to bitcoin. Milena Mayorga, El Salvador's ambassador to the United States, has said that El Salvador is still a "bitcoin country" and will maintain — and even expand — its bitcoin reserves. "You have to adapt to the current situation and this is the decision that was taken in the Assembly, but that does not mean that the country will stop having a bitcoin reserve," she explained.

Government data suggests El Salvador now holds 6,072 Bitcoin worth $586,888,000.
United States

White House Moves to Halt Federal Funds for EV Charging Stations (politico.com)

Thursday the White House "moved to halt a $5 billion initiative to build electric vehicle charging stations," reports Politico, "by instructing states not to spend federal funds previously allocated to them..." NPR described the move as "putting in limbo billions of dollars allocated to states with current and future projects..."

Politico notes the move "appears to upend years of precedent in which federal promises of funds for highway projects had given states an all-but-guaranteed assurance that they were free to spend them. It also raises legal questions... Funding experts had told POLITICO last year that decades of legal precedent would largely insulate the charging money... Andrew Rogers [deputy administrator of the Federal Highway Administration, or FHWA, in the Biden administration] said in a text message that the new letter "appears to ignore both the law and multiple restraining orders that have been issued by federal courts." Rogers, who is now a senior vice president at Boundary Stone Partners, said the move appears to be "in direct violation" of the Impoundment Control Act of 1974, a Watergate-era law that prohibits presidents from unilaterally canceling congressionally approved spending. Trump has contended that the law is unconstitutional.
Politico also got a quote from the chief analyst at analytics firm Paren, who predicts lawsuits from affected states and that the final impact of the move will be "just causing havoc and slowing things down for awhile." [A letter to state transportation directors from the Federal Highway Administration] clarifies that states will be able to receive reimbursements for "existing obligations" to design and build stations "in order to not disrupt current financial commitments." According to the letter, FHWA plans to publish new draft guidance on the NEVI program in the spring, followed by a comment period, before issuing new final guidance. Only then will states be able to resubmit their annual implementation plans for all fiscal years of the program.
"But that doesn't mean that the program is going to be sunset or the funds are not going to be made available again to the states," Nick Nigro, the founder of Atlas Public Policy consultancy told NPR: Several experts tell NPR that as a result of its overwhelming bipartisan support at the time, attempts to overturn it within the executive branch are likely to be challenged in court. Nigro believes the funding will resume eventually...

So far, 56 stations [with multiple chargers] are up and running as a result of the program, while more than 900 sites in total have been "awarded" to date, according to Loren McDonald, chief analyst at Paren, another research analytics firm. McDonald said several hundred of the awarded sites are currently under construction and expected to open this year. He does not believe the FHWA has the authority to pause or rescind any aspect of the NEVI program... "I assume lawsuits from states will start soon, and this will go to court and Congress," McDonald said in a statement.

The move has "confounded states, which had been allocated billions of dollars by Congress for the program," the New York Times reported Friday. "[S]ome state officials said that as a result of the memo from the Trump administration, they had stopped work on the charging stations. Others said they intended to keep going."

The Washington Post reports that a Texas Department of Transportation official "said it would continue to deploy federal funds for EV chargers until it receives further guidance," and that Ryan Gallentine, managing director at the national business association Advanced Energy United, said that states "are under no obligation to stop these projects based solely on this announcement." Politico adds: Also on Thursday, FHWA took down several internet pages providing information on NEVI and its sister program, the $2.5 billion Charging and Fueling Infrastructure grant program... Amid the confusion, at least six states — Alabama, Oklahoma, Missouri, Rhode Island, Ohio and Nebraska — have put their NEVI programs on hold, according to McDonald. Rhode Island and Ohio had been considered leading states in implementing the program.
The Courts

Automakers Sue To Kill Maine's Hugely Popular 'Right To Repair' Law (techdirt.com)

Maine's overwhelmingly popular right-to-repair law is under attack by automakers through lawsuits and lobbying efforts aimed at weakening or delaying enforcement. While the law remains in limbo due to industry influence and legal challenges, broader enforcement issues persist across multiple states, with corporations often ignoring right-to-repair laws despite their legal passage. Techdirt reports: A little over a year ago, Maine residents voted overwhelmingly (83 percent) to pass a new state right to repair law designed to make auto repairs easier and more affordable. More specifically, the law requires that automakers standardize on-board diagnostic systems and provide remote access to those systems and mechanical data to consumers and third-party independent repair shops. But as we've seen with other states that have passed right to reform laws (most notably New York), passing the law isn't the end of the story. Corporate lobbyists have had great success not just watering these laws down before passage, but after voters approve them. They've also been swarmed by coordinated industry lawsuits and falsehood-spewing attacks.

Maine's popular right to repair law just took effect after a year of hashing out the fine details, but the bill's still being changed as the state tries to sort out enforcement. Large automakers have been looming over that process to try and weaken the law. But the Alliance For Automotive Innovation also just filed a new lawsuit saying the law isn't fully cooked and therefore violates the law: "This is an example of putting the cart before the horse. Before automakers can comply, the law requires the attorney general to first establish an 'independent entity' to securely administer access to vehicle data. The independent entity hasn't been established. That's not in dispute. Compliance with the law right now is not possible."

Privacy

OpenAI Investigating Claim of 20 Million Stolen User Credentials

OpenAI says it's investigating after a hacker claimed to have stolen login credentials for 20 million OpenAI accounts and advertised the data for sale on a dark web forum. Though security researchers doubt the legitimacy of the breach, the AI company stated that it takes the claims seriously, advising users to enable two-factor authentication and stay vigilant against phishing attempts. Decrypt reports: Daily Dot reporter Mikael Thalen wrote on X that he found invalid email addresses in the supposed sample data: "No evidence (suggests) this alleged OpenAI breach is legitimate. At least two addresses were invalid. The user's only other post on the forum is for a stealer log. Thread has since been deleted as well."

"We take these claims seriously," the spokesperson said, adding: "We have not seen any evidence that this is connected to a compromise of OpenAI systems to date."
Patents

Amazon Says Germany Customers Won't Lose Amazon Prime As a Result of Nokia Patent Win

A German court has ruled that Amazon's Prime Video service violates a Nokia-owned patent, ordering Amazon to stop streaming in its current form or face fines of 250,000 euros per violation. However, Amazon assured customers in a statement on Friday that there is no risk of losing access to Prime Video because the decision affects only a limited functionality related to casting videos between devices.

"Prime Video will comply with this local judgement and is currently considering next steps. However, there is absolutely no risk at all for customers losing access to Prime Video," Amazon's Prime Video spokesperson told Reuters. Meanwhile, Nokia's chief licensing officer, Arvin Patel, said: "...the innovation ecosystem breaks down if patent holders are not fairly compensated for the use of their technologies, as it becomes much harder for innovators to fund the development of next generation technologies."
Security

Phishing Tests, the Bane of Work Life, Are Getting Meaner (msn.com)

U.S. employers are deploying increasingly aggressive phishing tests to combat cyber threats, sparking backlash from workers who say the simulated scams create unnecessary panic and distrust in the workplace. At the University of California, Santa Cruz, a test email about a fake Ebola outbreak sent staff scrambling before learning it was a security drill. At Lehigh Valley Health Network, employees who fall for phishing tests lose external email access, with termination possible after three failures.

Despite widespread use, recent studies question these tests' effectiveness. Research from ETH Zurich found that phishing tests combined with voluntary training actually made employees more vulnerable, while a University of California, San Diego study showed only a 2% reduction [PDF] in phishing success rates. "These are just an ineffective and inefficient way to educate users," said Grant Ho, who co-authored the UCSD study.
Security

Ransomware Payments Dropped 35% In 2024 (therecord.media)

An anonymous reader quotes a report from CyberScoop: Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity to date. Chainalysis itself warned in its mid-year report that 2024's activity was on pace to reach new heights, but attacks in the second half of the year tailed off. The total amount in payments that Chainalysis tracked in 2024 was $812.55 million, down from 2023's mark of $1.25 billion.

The disruption of major ransomware groups, such as LockBit and ALPHV/BlackCat, was key to the reduction in ransomware payments. Operations spearheaded by agencies like the United Kingdom's National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) caused significant declines in LockBit activity, while ALPHV/BlackCat essentially rug-pulled its affiliates and disappeared after its attack on Change Healthcare. [...] Additionally, [Chainalysis] says more organizations have become stronger against attacks, with many choosing not to pay a ransom and instead using better cybersecurity practices and backups to recover from these incidents. [...]
Chainalysis also says ransomware operators are letting funds sit in wallets, refraining from moving any money out of fear they are being watched by law enforcement.

You can read the full report here.
Government

Bill Banning Social Media For Youngsters Advances (politico.com)

The Senate Commerce Committee approved the Kids Off Social Media Act, banning children under 13 from social media and requiring federally funded schools to restrict access on networks and devices. Politico reports: The panel approved the Kids Off Social Media Act -- sponsored by the panel's chair, Texas Republican Ted Cruz, and a senior Democrat on the panel, Hawaii's Brian Schatz -- by voice vote, clearing the way for consideration by the full Senate. Only Ed Markey (D-Mass.) asked to be recorded as a no on the bill. "When you've got Ted Cruz and myself in agreement on something, you've pretty much captured the ideological spectrum of the whole Congress," Sen. Schatz told POLITICO's Gabby Miller.

[...] "KOSMA comes from very good intentions of lawmakers, and establishing national screen time standards for schools is sensible. However, the bill's in-effect requirements on access to protected information jeopardize all Americans' digital privacy and endanger free speech online," said Amy Bos, NetChoice director of state and federal affairs. The trade association represents big tech firms including Meta and Google. NetChoice has been aggressive in combating social media legislation by arguing that these laws illegally restrict -- and in some cases compel -- speech. [...] A Commerce Committee aide told POLITICO that because social media platforms already voluntarily require users to be at least 13 years old, the bill does not restrict speech currently available to kids.

The Internet

Believing in Aliens Derailed This Internet Pioneer's Career. Now He's Facing Prison (bloomberg.com)

Joseph Firmage, a former Silicon Valley prodigy who built a $2.5 billion web services company in the 1990s, is now being sued by investors who claim he defrauded them through an alleged antigravity machine scheme. In 1998, at the height of his success as CEO of USWeb, Firmage claimed an alien appeared in his bedroom, derailing his corporate career. He then spent decades pursuing UFO research and attempting to develop antigravity propulsion technology, raising millions from investors.

Court documents allege Firmage and associates are responsible for roughly $25 million in losses through various companies and schemes. Some investors say he used elaborate ruses, including people impersonating government officials, to solicit funds. Firmage, currently in jail on elder abuse charges, maintains he was actually the victim of international scammers who exploited his access to investors.
The Internet

Let's Encrypt Is Ending Expiration Notice Emails (arstechnica.com)

Let's Encrypt will stop sending expiration notice emails for its free HTTPS certificates starting June 4, 2025. From the report: Let's Encrypt is ending automated emails for four stated reasons, and all of them are pretty sensible. For one thing, lots of customers have been able to automate their certificate renewal. For another, providing the expiration notices costs "tens of thousands of dollars per year" and adds complexity to the nonprofit's infrastructure as they are looking to add new and more useful services.

If those were not enough, there is this particularly notable reason: "Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us." Let's Encrypt recommends using Red Sift Certificates Lite to monitor certificate expirations, a service that is free for up to 250 certificates. The service also points to other options, including Datadog SSL monitoring and TrackSSL.

Java

Oracle Starts Laying Mines In JavaScript Trademark Battle (theregister.com)

The Register's Thomas Claburn reports: Oracle this week asked the US Patent and Trademark Office (USPTO) to partially dismiss a challenge to its JavaScript trademark. The move has been criticized as an attempt to either stall or water down legal action against the database goliath over the programming language's name. Deno Land, the outfit behind the Deno JavaScript runtime, filed a petition with the USPTO back in November in an effort to make the trademarked term available to the JavaScript community. This legal effort is led by Node.js creator and Deno Land CEO Ryan Dahl, summarized on the JavaScript.tm website, and supported by more than 16,000 members of the JavaScript community. It aims to remove the fear of an Oracle lawsuit for using the term "JavaScript" in a conference title or business venture.

"Programmers working with JavaScript have formed innumerable community organizations," the website explains. "These organizations, like the standards bodies, have been forced to painstakingly avoid naming the programming language they are built around -- for example, JSConf. Sadly, without risking a legal trademark challenge against Oracle, there can be no 'JavaScript Conference' nor a 'JavaScript Specification.' The world's most popular programming language cannot even have a conference in its name." [...] In the initial trademark complaint, Deno Land makes three arguments to invalidate Oracle's ownership of "JavaScript." The biz claims that JavaScript has become a generic term; that Oracle committed fraud in 2019 when it applied to renew its trademark; and that Oracle has abandoned its trademark because it does not offer JavaScript products or services.

Oracle's motion on Monday focuses on the dismissal of the fraud claim, while arguing that it expects to prevail on the other two claims, citing corporate use of the trademarked term "in connection with a variety of offerings, including its JavaScript Extension Toolkit as well as developer's guides and educational resources, and also that relevant consumers do not perceive JavaScript as a generic term." The fraud claim follows from Deno Land's assertion that the material Oracle submitted in support of its trademark renewal application has nothing to do with any Oracle product. "Oracle, through its attorney, submitted specimens showing screen captures of the Node.js website, a project created by Ryan Dahl, Petitioner's Chief Executive Officer," the trademark cancellation petition says. "Node.js is not affiliated with Oracle, and the use of screen captures of the 'nodejs.org' website as a specimen did not show any use of the mark by Oracle or on behalf of Oracle."

Oracle contends that in fact it submitted two specimens to the USPTO -- a screenshot from the Node.js website and another from its own Oracle JavaScript Extension Toolkit. And this, among other reasons, invalidates the fraud claim, Big Red's attorneys contend. "Where, as here, Registrant 'provided the USPTO with [two specimens]' at least one of which shows use of the mark in commerce, Petitioner cannot plausibly allege that the inclusion of a second, purportedly defective specimen, was material," Oracle's motion argues, adding that no evidence of fraudulent intent has been presented. Beyond asking the court to toss the fraud claim, Oracle has requested an additional thirty days to respond to the other two claims.

China

Researchers Link DeepSeek To Chinese Telecom Banned In US (apnews.com)

An anonymous reader quotes a report from the Associated Press: The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek.

In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. [...] The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.

The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.
"It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it," said Ivan Tsarynny, CEO of Feroot. "It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke," Tsarynny said.

Further reading: Senator Hawley Proposes Jail Time For People Who Download DeepSeek
Cellphones

Robocallers Posing As FCC Staff Blocked After Robocalling Real FCC Staff (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Robocallers posing as employees of the Federal Communications Commission made the mistake of trying to scam real employees of the FCC, the FCC announced yesterday. "On the night of February 6, 2024, and continuing into the morning of February 7, 2024, over a dozen FCC staff and some of their family members reported receiving calls on their personal and work telephone numbers," the FCC said. The calls used an artificial voice that said, "Hello [first name of recipient] you are receiving an automated call from the Federal Communications Commission notifying you the Fraud Prevention Team would like to speak with you. If you are available to speak now please press one. If you prefer to schedule a call back please press two."

You may not be surprised to learn that the FCC does not have any "Fraud Prevention Team" like the one mentioned in the robocalls, and especially not one that demands Google gift cards in lieu of jail time. "The FCC's Enforcement Bureau believes the purpose of the calls was to threaten, intimidate, and defraud," the agency said. "One recipient of an imposter call reported that they were ultimately connected to someone who 'demand[ed] that [they] pay the FCC $1,000 in Google gift cards to avoid jail time for [their] crimes against the state.'" The FCC said it does not "publish or otherwise share staff personal phone numbers" and that it "remains unclear how these individuals were targeted." Obviously, robocallers posing as FCC employees probably wouldn't intentionally place scam calls to real FCC employees. But FCC employees are just as likely to get robocalls as anyone else. This set of schemers apparently only made about 1,800 calls before their calling accounts were terminated.

The FCC described the scheme yesterday when it announced a proposed fine of $4,492,500 against Telnyx, the voice service provider accused of carrying the robocalls. The FCC alleges that Telnyx violated "Know Your Customer (KYC)" rules by providing access to calling services without verifying the customers' identities. When contacted by Ars today, Telnyx denied the FCC's allegations and said it will contest the proposed fine.

Security

First OCR Spyware Breaches Both Apple and Google App Stores To Steal Crypto Wallet Phrases (securelist.com) 24

Kaspersky researchers have discovered malware hiding in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries. Dubbed "SparkCat" by security firm ESET, the malware was embedded in several messaging and food delivery apps, with the infected Google Play apps accumulating over 242,000 downloads combined.

This marks the first known instance of such OCR-based spyware making it into Apple's App Store. The malware, active since March 2024, masquerades as an analytics SDK called "Spark" and leverages Google's ML Kit library to scan users' photos for wallet recovery phrases in multiple languages. It requests gallery access under the guise of allowing users to attach images to support chat messages. When granted access, it searches for specific keywords related to crypto wallets and uploads matching images to attacker-controlled servers.

The researchers found both Android and iOS variants using similar techniques, with the iOS version being particularly notable as it circumvented Apple's typically stringent app review process. The malware's creators appear to be Chinese-speaking actors based on code comments and server error messages, though definitive attribution remains unclear.

China

USPS Halts All Packages From China, Sending the Ecommerce Industry Into Chaos (wired.com) 443

The United States Postal Service has suspended all package shipments from China and Hong Kong following President Donald Trump's decision to eliminate the de minimis exemption, which previously allowed small packages under $800 to enter the U.S. without import duties. "The move could potentially create chaos and confusion across the online shopping industry, as well as make purchases more expensive for consumers, especially because many global manufacturers and internet sellers are located in China," reports Wired. "Shoppers are now on the hook not only for the additional 10 percent tariff, but also whatever original tax rate their products were exempted from until Tuesday." From the report: Cindy Allen, who has worked in international trade for over 30 years and is the CEO of the consulting firm Trade Force Multiplier, gave WIRED an example of how much additional cost the tariff will incur: A woman's dress made of synthetic fiber shipped from China through de minimis will now be subject to a regular 16 percent tariff, a 7.5 percent Section 301 duty specifically for goods from China, the new 10 percent tariff required by Trump, additional processing fees and customs brokerage fees, and perhaps increased brokering and handling costs due to the sudden change in rules. "Will the dress that was $5 now cost $5.50 or $15?" says Allen. "That we don't know. It depends on how those retailers react and change their business models."

In the immediate term, clearing customs will become a challenge for most ecommerce companies. Their long-term concern, though, is the potential impact on profitability. The appeal of Temu and Shein and similar Chinese ecommerce companies is how affordable their products are. If that changes, the ecommerce landscape and consumer behavior in the US may change significantly as well. While the USPS has announced the suspension of accepting any parcels from China and Hong Kong, CBP hasn't elaborated on how the agency will enforce Trump's new tariffs other than saying in an announcement that it will reject de minimis exemption requests from China starting today.

Network

$42 Billion Broadband Grant Program May Scrap Biden Admin's Preference For Fiber (arstechnica.com) 106

An anonymous reader quotes a report from Ars Technica: US Senator Ted Cruz (R-Texas) has been demanding an overhaul of a $42.45 billion broadband deployment program, and now his telecom policy director has been chosen to lead the federal agency in charge of the grant money. "Congratulations to my Telecom Policy Director, Arielle Roth, for being nominated to lead NTIA," Cruz wrote last night, referring to President Trump's pick to lead the National Telecommunications and Information Administration. Roth's nomination is pending Senate approval. Roth works for the Senate Commerce Committee, which is chaired by Cruz. "Arielle led my legislative and oversight efforts on communications and broadband policy with integrity, creativity, and dedication," Cruz wrote.

Shortly after Trump's election win, Cruz called for an overhaul of the Broadband Equity, Access, and Deployment (BEAD) program, which was created by Congress in November 2021 and is being implemented by the NTIA. Biden-era leaders of the NTIA developed rules for the program and approved initial funding plans submitted by every state and territory, but a major change in approach could delay the distribution of funds. Cruz previously accused the NTIA of "technology bias" because the agency prioritized fiber over other types of technology. He said Congress would review BEAD for "imposition of statutorily-prohibited rate regulation; unionized workforce and DEI labor requirements; climate change assessments; excessive per-location costs; and other central planning mandates."

Roth criticized the BEAD implementation at a Federalist Society event in June 2024. "Instead of prioritizing connecting all Americans who are currently unserved to broadband, the NTIA has been preoccupied with attaching all kinds of extralegal requirements on BEAD and, to be honest, a woke social agenda, loading up all kinds of burdens that deter participation in the program and drive up costs," she said. Municipal broadband networks and fiber networks in general could get less funding under the new plans. Roth is "expected to change the funding conditions that currently include priority access for government-owned networks" and "could revisit decisions like the current preference for fiber," Bloomberg reported, citing people familiar with the matter.
Congress defined priority broadband projects under BEAD as those that "ensure that the network built by the project can easily scale speeds over time to meet the evolving connectivity needs of households and businesses; and support the deployment of 5G, successor wireless technologies, and other advanced services."

The Biden NTIA determined that only end-to-end fiber-optic architecture meets these criteria. "End-to-end fiber networks can be updated by replacing equipment attached to the ends of the fiber-optic facilities, allowing for quick and relatively inexpensive network scaling as compared to other technologies. Moreover, new fiber deployments will facilitate the deployment and growth of 5G and other advanced wireless services, which rely extensively on fiber for essential backhaul," the Biden NTIA said (PDF).

Crime

Senator Hawley Proposes Jail Time For People Who Download DeepSeek 226

Senator Josh Hawley has introduced a bill that would criminalize the import, export, and collaboration on AI technology with China. What this means is that "someone who knowingly downloads a Chinese developed AI model like the now immensely popular DeepSeek could face up to 20 years in jail, a million dollar fine, or both, should such a law pass," reports 404 Media. From the report: Hawley introduced the legislation, titled the Decoupling America's Artificial Intelligence Capabilities from China Act, on Wednesday of last year. "Every dollar and gig of data that flows into Chinese AI are dollars and data that will ultimately be used against the United States," Senator Hawley said in a statement. "America cannot afford to empower our greatest adversary at the expense of our own strength. Ensuring American economic superiority means cutting China off from American ingenuity and halting the subsidization of CCP innovation."

Hawley's statement explicitly says that he introduced the legislation because of the release of DeepSeek, an advanced AI model that's competitive with its American counterparts, and which its developers claimed was made for a fraction of the cost and without access to as many and as advanced of chips, though these claims are unverified. Hawley's statement called DeepSeek "a data-harvesting, low-cost AI model that sparked international concern and sent American technology stocks plummeting." Hawley's statement says the goal of the bill is to "prohibit the import from or export to China of artificial intelligence technology," "prohibit American companies from conducting AI research in China or in cooperation with Chinese companies," and "Prohibit U.S. companies from investing money in Chinese AI development."
