An anonymous reader quotes a report from TorrentFreak: When the French government formed a new anti-piracy agency called Hadopi, the mission was to significantly disrupt BitTorrent and similar peer-to-peer file-sharing networks. Hadopi was a pioneer of the so-called "graduated response" scheme which consists of monitoring a file-sharer's internet activities and following up with a warning notice to deter their behavior. Any future incidents attract escalating responses including fines and internet disconnections. Between 2010 and 2020, Hadopi issued 12.7 million warning notices at a cost to French taxpayers of 82 million euros. The program's effect on overall piracy rates remains up for debate but according to French internet rights groups, Hadopi doesn't just take citizens' money. When it monitors citizens' internet activities, retains huge amounts of data, and then links identities to IP addresses to prevent behavior that isn't a "serious crime," Hadopi violates fundamental rights.

Despite its authorization under the new law, the official launch of the Hadopi agency in 2009 met with significant opposition. File-sharers had issues with the program for obvious reasons but for digital rights group La Quadrature du Net, massive internet surveillance to protect copying rights had arrived at the expense of citizens' fundamental right to privacy. La Quadrature's opposition to the Hadopi anti-piracy program focuses on the law crafted to support it. One of the implementing decrees authorizes the creation of files containing internet users' IP addresses plus personal identification data obtained from their internet service providers. According to the digital rights group's interpretation of EU law, that is unlawful.

With support from the Federation of Associative Internet Service Providers, French Data Network, and Franciliens.net, in 2019 La Quadrature filed an appeal before the Council of State (Conseil d'Etat), requesting a repeal of the decree that authorizes the processing of personal information. The Council of State referred the matter to the Constitutional Council and its subsequent decision gave La Quadrature the impression that Hadopi's position was untenable. For their part, Hadopi and the government reached the opposite conclusion. The Council of State heard La Quadrature's appeal and then referred questions to the Court of Justice of the European Union (CJEU) for interpretation under EU law. In CJEU Advocate General Szpunar's non-binding opinion issued last October, friction between privacy rights and the ability to enforce copyrights were on full display. [...] Faced with an opinion that recognizes difficulties faced by rightsholders but runs up against case-law, AG Szpunar proposed "readjustment of the case-law of the Court." This would ensure that rightsholders retain the ability to enforce their rights, when an IP address is the only means by which an infringer can be identified (CJEU, pdf). The first court hearing occurred on Tuesday, and a further legal opinion is expected in late September 2023. The ruling from the CJEU is expected before the end of the year.

Companies in Apple's third-party repair program say delays in the process and high pricing for parts make it almost impossible to compete with the juggernaut. From a report: In 2021 Apple, under pressure from a Productivity Commission review on the "right to repair," launched its independent repair provider program in Australia. It was trumpeted as a way for small companies to compete with Apple to repair their products -- such as the iPhone -- using Apple tools and spare parts. At the time, repairers said they felt the move was a token gesture designed to head off any potential right-to-repair legislation that would have been recommended by the Productivity Commission review. Two years later, some say their fears have been realised. A number of repairers Guardian Australia has spoken to in Australia and the US suggest Apple's slow response times and the high cost for replacement parts makes it almost impossible for them to be viable competitors. The repairers requested anonymity to speak about the program, fearing that reprisals from the California-based tech giant might prevent them from remaining in the program.

Apple has indicated it takes an average of eight weeks for repairers to be admitted to the program, but repairers Guardian Australia has spoken to said the wait time can be up to six months -- and that it feels like the applications sit in a black hole, without any point of contact within Apple to provide an update on their status. Once repairers are admitted to the program, they receive training from Apple, as well as access to Apple parts, tools, repair manuals and diagnostic software for the company's iPhones and Macs. But they say the price of the parts, as well as the process to get a discounted rate for replacement parts, make it difficult for repairers to compete with Apple's own repair program. One repairer, who says his business repairs between 30 and 40 Apple products every week, said the average repair takes between an hour to an hour and a half. If it charge the rate Apple charges customers for repairs, then its maximum margin is about $60.

The United States Supreme Court has released its opinion on The Andy Warhol Foundation v. Goldsmith case, finding in favor of Lynn Goldsmith and stating that Warhol's use of her photo was not fair use. From a report: For those unfamiliar, the Warhol v. Goldsmith case has been ongoing for several years and involves photographer Lynn Goldsmith's photo of Prince and Andy Warhol's use of that photo which his Foundation argues was fair use. The details of the case to this point can be read in prior coverage, but in summary, Goldsmith had been victorious in the most recent court's decision leading up to this point. The Andy Warhol Foundation had appealed the decision to the Supreme Court, who has affirmed the lower court's decision and sealed Goldsmith's win.

In an 87-page [PDF], seven-to-two opinion written by Justice Sotomayor, the Supreme Court has ruled that Warhol's use of Goldsmith's Prince photo was not transformative enough to warrant fair use and was instead a violation of her copyright. Justices Roberts and Kagan dissented. "Although new expression, meaning, or message may be relevant to whether a copying use has a sufficiently distinct purpose or character, it is not, without more, dispositive of the first factor," the court holds. "The 'purpose and character' of Andy Warhol Foundation's (AWF) use of Goldsmith's photograph in commercially licensing Orange Prince to Conde Nast does not favor AWF's fair use defense to copyright infringement."

An anonymous reader quotes a report from the Associated Press: Five TikTok content creators have filed a lawsuit seeking to overturn Montana's first-in-the-nation ban on the video sharing app, arguing the law is an unconstitutional violation of free speech rights. The Montana residents also argued in the complaint, filed in federal court late Wednesday without public notice, that the state doesn't have any authority over matters of national security. Republican Gov. Greg Gianforte signed the bill into law Wednesday and said it would protect Montana residents' private data and personal information from being harvested by the Chinese government. The ban is scheduled to take effect on Jan. 1, 2024.

"The law takes the broadest possible approach to its objectives, restricting and banning the protected speech of all TikTok users in Montana to prevent the speculative and unsubstantiated possibility that the Chinese government might direct TikTok Inc., or its parent, to spy on some Montana users," the complaint states. "We expected a legal challenge and are fully prepared to defend the law," said Emily Flower, spokeswoman for the Montana Department of Justice. TikTok has argued the law infringes on people's First Amendment rights. However, spokesperson Brooke Oberwetter declined to comment on the lawsuit Thursday. She also declined to say whether the company helped coordinate the complaint.

The plaintiffs are Montana residents who use the video-sharing app for things like promoting a business, connecting with military veterans, sharing outdoor adventures or expressing their sense of humor. Two of them have more than 200,000 followers. One content creator, Carly Ann Goddard, shares videos about living on a ranch, parenting, recipes and home decor. Her account has 97,000 followers and has allowed her to roughly triple her family's household income, the complaint states. TikTok creators can make money in several ways, including by being paid to advertise products to their followers. The lawsuit -- filed just hours after Gianforte signed the measure into law -- states the ban would "immediately and permanently deprive Plaintiffs of their ability to express themselves and communicate with others." "Montana can no more ban its residents from viewing or posting to TikTok than it could ban the Wall Street Journal because of who owns it or the ideas it publishes," the plaintiffs' attorneys wrote.

A former CFO of a Seattle startup is accused of diverting $35 million and losing it when the crypto market crashed last year (Warning: source paywalled; alternative source), according to a report. The CFO allegedly used the funds for personal expenses and investments without authorization. The Seattle Times reports: Nevin Shetty, 39, was hired in March 2021 as CFO of a company called fabric, which makes software platforms for retail commerce. About a year later, after the company informed him it was letting him go over job performance concerns, he secretly took the money and transferred it to HighTower Treasury, a crypto platform he controlled as a side business, the indictment said. His idea was to pay the company 6% interest while retaining profits above that, but soon the $35 million investment was practically worthless, the U.S. Attorney's Office in Seattle said in a news release.

The indictment in U.S. District Court charged Shetty with four counts of wire fraud. He is scheduled to be arraigned May 25. Shetty's attorney, Cooper Offenbecher, said in an emailed statement that he and his client had been in regular contact with prosecutors and disagreed with the decision to bring an indictment. "As the CFO of his former employer, tasked with making investment decisions for its benefit, Mr. Shetty was personally devastated by these losses, which occurred as a result of a catastrophic crash in the cryptocurrency market in May 2022," Offenbecher wrote. "We look forward to responding to these allegations in Court."

Prosecutors, however, said that as the company raised hundreds of millions of dollars in startup funding, it adopted a conservative approach to managing that money -- a policy that Shetty had helped draft. According to the Seattle tech news website GeekWire, fabric had raised more than $293 million by February 2022 and was valued at $1.5 billion. In an emailed statement, the company said it had been cooperating with law enforcement and appreciated the work of the FBI and federal prosecutors. "While the amount taken is substantial, fabric remains very well-funded with years of runway," the statement said.

Adi Robertson writes via The Verge: The Supreme Court has declined to consider reinterpreting foundational internet law Section 230, saying it wasn't necessary for deciding the terrorism-related case Gonzalez v. Google. The ruling came alongside a separate but related ruling in Twitter v. Taamneh, where the court concluded that Twitter had not aided and abetted terrorism. In an unsigned opinion (PDF) issued today, the court said the underlying complaints in Gonzalez were weak, regardless of Section 230's applicability. The case involved the family of a woman killed in a terrorist attack suing Google, which the family claimed had violated the law by recommending terrorist content on YouTube. They sought to hold Google liable under anti-terrorism laws.

The court dismissed the complaint largely because of its unanimous ruling (PDF) in Twitter v. Taamneh. Much like in Gonzalez, a family alleged that Twitter knowingly supported terrorists by failing to remove them from the platform before a deadly attack. In a ruling authored by Justice Clarence Thomas, however, the court declared that the claims were "insufficient to establish that these defendants aided and abetted ISIS" for the attack in question. Thomas declared that Twitter's failure to police terrorist content failed the requirement for some "affirmative act" that involved meaningful participation in an illegal act. "If aiding-and-abetting liability were taken too far, then ordinary merchants could become liable for any misuse of their goods and services, no matter how attenuated their relationship with the wrongdoer," writes Thomas. That includes "those who merely deliver mail or transmit emails" becoming liable for the contents of those messages or even people witnessing a robbery becoming liable for the theft. "There are no allegations that defendants treated ISIS any differently from anyone else. Rather, defendants' relationship with ISIS and its supporters appears to have been the same as their relationship with their billion-plus other users: arm's length, passive, and largely indifferent."

For Gonzalez v. Google, "the allegations underlying their secondary-liability claims are materially identical to those at issue in Twitter," says the court. "Since we hold that the complaint in that case fails to state a claim for aiding and abetting ... it appears to follow that the complaint here likewise fails to state such a claim." Because of that, "we therefore decline to address the application of 230 to a complaint that appears to state little, if any, plausible claim for relief." [...] The Gonzalez ruling is short and declines to deal with many of the specifics of the case. But the Twitter ruling does take on a key question from Gonzalez: whether recommendation algorithms constitute actively encouraging certain types of content. Thomas appears skeptical: "To be sure, plaintiffs assert that defendants' 'recommendation' algorithms go beyond passive aid and constitute active, substantial assistance. We disagree. By plaintiffs' own telling, their claim is based on defendants' 'provision of the infrastructure which provides material support to ISIS.' Viewed properly, defendants' 'recommendation' algorithms are merely part of that infrastructure. All the content on their platforms is filtered through these algorithms, which allegedly sort the content by information and inputs provided by users and found in the content itself. As presented here, the algorithms appear agnostic as to the nature of the content, matching any content (including ISIS' content) with any user who is more likely to view that content. The fact that these algorithms matched some ISIS content with some users thus does not convert defendants' passive assistance into active abetting. Once the platform and sorting-tool algorithms were up and running, defendants at most allegedly stood back and watched; they are not alleged to have taken any further action with respect to ISIS." "The interpretation may deal a blow to one common argument for adding special liability to social media: the claim that recommendation systems go above and beyond simply hosting content and explicitly encourage that content," adds Robertson. "This ruling's reasoning suggests that simply recommending something on an 'agnostic' basis -- as opposed to, in one hypothetical from Thomas, creating a system that 'consciously and selectively chose to promote content provided by a particular terrorist group' -- isn't an active form of encouragement."

The Supreme Court on Thursday sidestepped a case against Google that might have allowed more lawsuits against social media companies. From a report: The justices' decision returns to a lower court the case of a family of an American college student who was killed in an Islamic State terrorist attack in Paris. The family wants to sue Google for YouTube videos they said helped attract IS recruits and radicalize them. Google claims immunity from the lawsuit under a 1996 law that generally shields social media company for content posted by others. Lower courts agreed with Google. The justices had agreed to consider whether the legal shield is too broad. But in arguments in February, several sounded reluctant to weigh in now. In an unsigned opinion Thursday, the court wrote that it was declining to address the law at issue.

Montana is now the first U.S. state to ban TikTok after Montana Governor Greg Gianforte signed legislation to ban the app from operating in the state. Reuters reports: Montana will make it unlawful for Google and Apple's app stores to offer the TikTok app within its borders. The ban takes effect Jan. 1, 2024. TikTok, which has over 150 million American users, is facing growing calls from U.S. lawmakers and state officials to ban the app nationwide over concerns about potential Chinese government influence over the platform. Gov. Gianforte, a Republican, said the bill will further "our shared priority to protect Montanans from Chinese Communist Party surveillance."

Montana, which has a population of just over 1 million people, said TikTok could face fines for each violation and additional fines of $10,000 per day if they violate the ban. It takes effect Jan. 1, 2024. The ban will likely face numerous legal challenges that it violates the First Amendment free speech rights of users. An attempt by then President Donald Trump to ban new downloads of TikTok and WeChat through a Commerce Department order in 2020 was blocked by multiple courts and never took effect. The legislation that Gianforte signed also generally prohibits "the use of all social media applications that collect and provide personal information or data to foreign adversaries on government-issued devices," adds Reuters.

It's unclear if the bill signed today would effectively ban all social media in Montana, since most social media networks collect such information and share it with entities in foreign countries.

Disgraced Theranos founder Elizabeth Holmes has been ordered to report to prison while she appeals her fraud conviction and jail sentence of over 11 years for defrauding investors. She has also been ordered to pay $452 million to victims, which will be split with her former partner, Ramesh "Sunny" Balwani, who was also convicted and sentenced to 13 years in prison. CNBC reports: Elizabeth Holmes, the disgraced CEO of Theranos, must report to prison on May 30, according to a ruling issued Wednesday by U.S. District Judge Edward Davila. Holmes must report to prison no later than 2:00 p.m. local time on that day, and is expected to begin her sentence at a minimum-security facility in Bryan, Texas. On Tuesday, an appeals court rejected Holmes' bid to stay out of prison while she appeals her conviction. In another Tuesday ruling, Judge Davila ordered that Holmes and former Theranos executive Ramesh "Sunny" Balwani pay $452 million in restitution to victims. You can read more about the 'U.S. v. Elizabeth Holmes, et al.' case here.

An anonymous reader shares a report: This week, we looked at a new hardware startup called Telly that's giving away half a million of its new smart televisions for free. The catch is that the 55-inch smart television is fitted with a second display that sits underneath and displays ads while you watch your favorite shows. The trade-off for a free television is agreeing to let this brand-new startup collect vast amounts of data about you because the money ads make from you cover the costs of the television itself. According to its privacy policy, the startup collects data about what you view, where you're located, what you watch, as well as what could be inferred about you from that information.

But annotations left in its privacy policy that were published in error raise concerns about its data practices. We've pasted below the portion of Telly's privacy policy verbatim, typos included, as it was published at the time -- and have highlighted the questionable passage in bold for emphasis: "As noted in the Terms of Use, we do not knowingly collect or solicitPersonal Data about children under 13 years of age; ifyou are a child under the age of 13, please do not attempt to register for orotherwise use the Services or send us any Personal Data. Use of the Servicesmay capture the physical presence of a child under the age of 13, but noPersonal Data about the child is collected. If we learn we have collectedPersonal Data from a child under 13 years of age, we will delete thatinformation as quickly as possible. (I don't know that this is accurate. Do wehave to say we will delete the information or is there another way aroundthis)? If you believe that a child under 13 years of age may have providedPersonal Data to us, please contact us at..." A short time after contacting Telly for comment, the company removed the section from its privacy policy.

Hanging on to your favorite wireless mouse just got a little easier thanks to a new partnership between Logitech and DIY repair specialists iFixit. The Verge: The two companies are working together to reduce unnecessary e-waste and help customers repair their own out-of-warranty Logitech hardware by supplying spare parts, batteries, and repair guides for "select products." Everything will eventually be housed in the iFixit Logitech Repair Hub, with parts available to purchase as needed or within "Fix Kits" that provide everything needed to complete the repair, such as tools and precision bit sets. Starting "this summer," Logitech's MX Master and MX Anywhere mouse models will be the first products to receive spare parts. Pricing information has not been disclosed yet, and Logitech hasn't mentioned any other devices that will receive the iFixit genuine replacement parts and repair guide treatment.

An anonymous reader quotes a report from KrebsOnSecurity: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found (PDF). In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold "as-is" from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons -- such as its owner was involved in identity theft -- and in these cases the phone itself was used as a tool to commit the crime. "We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner," the researchers explained in a paper released this month. "Unfortunately, that expectation has proven false in practice."

Beyond what you would expect from unwiped second hand phones -- every text message, picture, email, browser history, location history, etc. -- the 61 phones they were able to access also contained significant amounts of data pertaining to crime -- including victims' data -- the researchers found. [...] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients. "We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally," said Dave Levin, an assistant professor of computer science at University of Maryland. "They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren't wiped."

OpenAI CEO Sam Altman appeared before a Senate Judiciary subcommittee, along with IBM chief privacy officer Christian Montgomery and NYU professor Gary Marcus, to testify about the dangers posed by generative artificial intelligence. Altman said he'd welcome legislation in the space and urged Congress to work with OpenAI and other companies in the field to figure out rules and guardrails. Axios reports: Altman argued that generative AI is different and requires a separate policy response. He called it a "tool" for users that cannot do full jobs on its own, merely tasks. Altman called for a government agency that would promulgate rules around licensing for certain tiers of AI systems "above a crucial threshold of capabilities." He said: "My worst fear is we cause significant harm to the world."

Sen. Dick Durbin (D-Ill.) called it "historic" that a company was coming to Congress pleading for regulation. IBM's Montgomery said it was important to regulate risks, not tech itself. "This cannot be the era of move fast and break things," she said.

Environmental DNA research has aided conservation, but scientists say its ability to glean information about human populations and individuals poses dangers. From a report: David Duffy, a wildlife geneticist at the University of Florida, just wanted a better way to track disease in sea turtles. Then he started finding human DNA everywhere he looked. Over the last decade, wildlife researchers have refined techniques for recovering environmental DNA, or eDNA -- trace amounts of genetic material that all living things leave behind. A powerful and inexpensive tool for ecologists, eDNA is all over -- floating in the air, or lingering in water, snow, honey and even your cup of tea. Researchers have used the method to detect invasive species before they take over, to track vulnerable or secretive wildlife populations and even to rediscover species thought to be extinct. The eDNA technology is also used in wastewater surveillance systems to monitor Covid and other pathogens. But all along, scientists using eDNA were quietly recovering gobs and gobs of human DNA. To them, it's pollution, a sort of human genomic bycatch muddying their data. But what if someone set out to collect human eDNA on purpose?

New DNA collecting techniques are "like catnip" for law enforcement officials, says Erin Murphy, a law professor at the New York University School of Law who specializes in the use of new technologies in the criminal legal system. The police have been quick to embrace unproven tools, like using DNA to create probability-based sketches of a suspect. That could pose dilemmas for the preservation of privacy and civil liberties, especially as technological advancement allows more information to be gathered from ever smaller eDNA samples. Dr. Duffy and his colleagues used a readily available and affordable technology to see how much information they could glean from human DNA gathered from the environment in a variety of circumstances, such as from outdoor waterways and the air inside a building. The results of their research, published Monday in the journal Nature Ecology & Evolution, demonstrate that scientists can recover medical and ancestry information from minute fragments of human DNA lingering in the environment. Forensic ethicists and legal scholars say the Florida team's findings increase the urgency for comprehensive genetic privacy regulations.

An anonymous reader quotes a report from Ars Technica: Microsoft cloud services are scanning for malware by peeking inside users' zip files, even when they're protected by a password, several users reported on Mastodon on Monday. Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code.

While analysis of password-protected in Microsoft cloud environments is well-known to some people, it came as a surprise to Andrew Brandt. The security researcher has long archived malware inside password-protected zip files before exchanging them with other researchers through SharePoint. On Monday, he took to Mastodon to report that the Microsoft collaboration tool had recently flagged a zip file, which had been protected with the password "infected." "While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples," Brandt wrote. "The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs."

Fellow researcher Kevin Beaumont joined the discussion to say that Microsoft has multiple methods for scanning the contents of password-protected zip files and uses them not just on files stored in SharePoint but all its 365 cloud services. One way is to extract any possible passwords from the bodies of email or the name of the file itself. Another is by testing the file to see if it's protected with one of the passwords contained in a list. "If you mail yourself something and type something like 'ZIP password is Soph0s', ZIP up EICAR and ZIP password it with Soph0s, it'll find (the) password, extract and find (and feed MS detection)," he wrote. "A Google representative said the company doesn't scan password-protected zip files, though Gmail does flag them when users receive such a file," notes Ars.

"One other thing readers should remember: password-protected zip files provide minimal assurance that content inside the archives can't be read. As Beaumont noted, ZipCrypto, the default means for encrypting zip files in Windows, is trivial to override. A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files."

An anonymous reader quotes a report from TorrentFreak: ACE, the world's leading anti-piracy coalition, is facing an unexpected setback after Google removed a page that advises 'pirates' where they can watch content legally. The removal is the result of an erroneous takedown notice from a competing anti-piracy organization and was likely triggered by an ACE domain name seizure. [...] After the "Watch Legally" page was removed from Google search, visitors see the following note [here] at the bottom of the results.

In response to a recent takedown notice, Google removed ACE's "Watch Legally" page for alleged copyright infringement. This action was taken at the behest of Indian anti-piracy outfit AiPlex. The ACE page was repeatedly flagged by AiPlex in recent weeks. In this notice, for example, it's accused of distributing a pirated copy of the film 'Virgin Bhanupriya,' together with sites such as foumovies.pw, afilmyhit.cafe, and yomovies.bid. Why AiPlex flagged a page that's designed to drive traffic to legal services is unclear.

AI technology should not be considered an "inventor" by U.S. patent law, Google argues in a new filing with the U.S. Patent and Trademark Office. From a report: USPTO is currently soliciting comments on AI technologies and inventorship -- asking people, among other things, how AI is being used in creating inventions and whether its contributions would qualify it for treatment as a joint inventor. Questions posed by USPTO include: "If an AI system contributes to an invention at the same level as a human who would be considered a joint inventor, is the invention patentable under current patent laws? Are there situations in which AI-generated contributions are not owned by any entity and therefore part of the public domain?"

An anonymous reader shares a report: A passenger walks up to an airport security checkpoint, slips an ID card into a slot and looks into a camera atop a small screen. The screen flashes "Photo Complete" and the person walks through -- all without having to hand over their identification to the TSA officer sitting behind the screen. It's all part of a pilot project by the Transportation Security Administration to assess the use of facial recognition technology at a number of airports across the country. "What we are trying to do with this is aid the officers to actually determine that you are who you say who you are," said Jason Lim, identity management capabilities manager, during a demonstration of the technology to reporters at Baltimore-Washington International Thurgood Marshall Airport.

The effort comes at a time when the use of various forms of technology to enhance security and streamline procedures is only increasing. TSA says the pilot is voluntary and accurate, but critics have raised concerns about questions of bias in facial recognition technology and possible repercussions for passengers who want to opt out. The technology is currently in 16 airports. In addition to Baltimore, it's being used at Reagan National near Washington, D.C., airports in Atlanta, Boston, Dallas, Denver, Detroit, Las Vegas, Los Angeles, Miami, Orlando, Phoenix, Salt Lake City, San Jose, and Gulfport-Biloxi and Jackson in Mississippi. However, it's not at every TSA checkpoint so not every traveler going through those airports would necessarily experience it.

"Deep in a pine forest in Wilcox County, Alabama, three workers dangled from the top of a 350-foot cellular tower," reports the New York Times. "They were there to rip out and replace Chinese equipment from the local wireless network..." As the United States and China battle for geopolitical and technological primacy, the fallout has reached rural Alabama and small wireless carriers in dozens of states. They are on the receiving end of the Biden administration's sweeping policies to suppress China's rise, which include trade restrictions, a $52 billion package to bolster domestic semiconductor manufacturing against China and the divestiture of the video app TikTok from its Chinese owner. What the wireless carriers must do, under a program known as "rip and replace," has become the starkest physical manifestation of the tech Cold War between the two superpowers. The program, which took effect in 2020, mandates that American companies tear out telecom equipment made by the Chinese companies Huawei and ZTE. U.S. officials have warned that gear from those companies could be used by Beijing for espionage and to steal commercial secrets.

Instead, U.S. carriers have to use equipment from non-Chinese companies. The Federal Communications Commission, which oversees the program, would then reimburse the carriers from a pot of $1.9 billion intended to cover their costs. Similar rip-and-replace efforts are taking place elsewhere. In Europe, where Huawei products have been a key part of telecom networks, carriers in Belgium, Britain, Denmark, the Netherlands and Sweden have also been swapping out the Chinese equipment because of security concerns, according to Strand Consult, a research firm that tracks the telecom industry. "Rip-and-replace was the first front in a bigger story about the U.S. and China's decoupling, and that story will continue into the next decade with a global race for A.I. and other technologies," said Blair Levin, a former F.C.C. chief of staff and a fellow at the Brookings Institution.

But cleansing U.S. networks of Chinese tech has not been easy. The costs have already ballooned above $5 billion, according to the F.C.C., more than double what Congress appropriated for reimbursements. Many carriers also face long supply chain delays for new equipment. The program's burden has fallen disproportionately on smaller carriers, which relied more on the cheaper gear from the Chinese firms than large companies like AT&T and Verizon. Given rip-and-replace's difficulties, some smaller wireless companies now say they may not be able to upgrade their networks and continue serving their communities, where they are often the only internet providers. "For many rural communities, they are faced with the disastrous choice of having to continue to use insecure networks that are ripe for surveillance or having to cut off their services," said Geoffrey Starks, a Democratic commissioner at the F.C.C.

Last month, Senator Deb Fischer, a Republican of Nebraska, introduced a bill to close the gap in rip-and-replace funding for carriers... In January, the F.C.C. said it had received 126 applications seeking funding beyond what it could reimburse. Lawmakers had underestimated the costs of shredding Huawei and ZTE equipment, and new equipment and labor costs have risen. The F.C.C. said it could cover only about 40 percent of the expenses. Some wireless carriers immediately paused their replacement efforts. "Until we have assurance of total project funding, this project will continue to be delayed as we await the necessary funding required to build and pay for the new network equipment," United Wireless of Dodge City, Kansas, wrote in a regulatory filing to the F.C.C. in January.

Three companies "supplied millions of fake public comments to influence a 2017 proceeding by the Federal Communications Commission (FCC) to repeal net neutrality rules," announced New York's attorney general this week.

Their investigation "found that the fake comments used the identities of millions of consumers, including thousands of New Yorkers, without their knowledge or consent," as well as "widespread fraud and abusive practices" Collectively, the three companies have agreed to pay $615,000 in penalties and disgorgement. This is the second series of agreements secured by Attorney General James with companies that supplied fake comments to the FCC... As detailed in a report by the Office of the Attorney General, the nation's largest broadband companies funded a secret campaign to generate millions of comments to the FCC in 2017. These comments provided "cover" for the FCC to repeal net neutrality rules. To help generate these comments, the broadband industry engaged commercial lead generators that used advertisements and prizes, like gift cards and sweepstakes entries, to encourage consumers to join the campaign.

However, nearly every lead generator that was hired to enroll consumers in the campaign instead simply fabricated consumers' responses. As a result, more than 8.5 million fake comments that impersonated real people were submitted to the FCC, and more than half a million fake letters were sent to Congress. Two of the companies, LCX and Lead ID, were each engaged to enroll consumers in the campaign. Instead, each independently fabricated responses for 1.5 million consumers. The third company, Ifficient, acted as an intermediary, engaging other lead generators to enroll consumers in the campaign. Ifficient supplied its client with more than 840,000 fake responses it had received from the lead generators it had hired.

The Office of the Attorney General's investigation also revealed that the fraud perpetrated by the various lead generators in the net neutrality campaign infected other government proceedings as well. Several of the lead generation firms involved in the broadband industry's net neutrality comment campaigns had also worked on other, unrelated campaigns to influence regulatory agencies and public officials. In nearly all of these advocacy campaigns, the lead generation firms engaged in fraud. As a result, more than 1 million fake comments were generated for other rulemaking proceedings, and more than 3.5 million fake digital signatures for letters and petitions were generated for federal and state legislators and government officials across the nation.

LCX and Lead ID were responsible for many of these fake comments, letters, and petition signatures. Across four advocacy campaigns in 2017 and 2018, LCX fabricated consumer responses used in approximately 900,000 public comments submitted to the Environmental Protection Agency (EPA) and the Bureau of Ocean Energy Management (BOEM) at the U.S. Department of the Interior. Similarly, in advocacy campaigns between 2017 and 2019, Lead ID fabricated more than half a million consumer responses. These campaigns targeted a variety of government agencies and officials at the federal and state levels...

LCX and its principals will pay $400,000 in penalties and disgorgement to New York and $100,000 to the San Diego District Attorney's Office.
Thanks to Slashdot reader gkelley for sharing the news.