The Biden administration plans to study companies' use of technology to monitor and manage workers, which it said on Monday is becoming increasingly common and can cause "serious risks to workers." From a report: The White House Office of Science and Technology Policy, in a blog post, sought comments from employees about their experience with surveillance technology, and asked employers and software vendors how they develop and use them. "While these technologies can benefit both workers and employers in some cases, they can also create serious risks to workers," the OSTP said.

"Monitoring conversations can deter workers from exercising their rights to organize and collectively bargain with their employers. And, when paired with employer decisions about pay, discipline, and promotion, automated surveillance can lead to workers being treated differently or discriminated against."

Microsoft's headquarters are in the state of Washington — and this year when the state legislature considered a right-to-repair bill, Microsoft showed its support.

The nonprofit "climate solutions" site Grist reports that the committee considering that bill received an email from Microsoft's senior director of government affairs, saying that the bill "fairly balances the interests of manufacturers, customers, and independent repair shops and in doing so will provide more options for consumer device repair." The Fair Repair Act stalled out a week later due to opposition from all three Republicans on the committee and Senator Lisa Wellman, a Democrat and former Apple executive. (Apple frequently lobbies against right-to-repair bills, and during a hearing, Wellman defended the iPhone maker's position that it is already doing enough on repair.) But despite the bill's failure to launch this year, repair advocates say Microsoft's support — a notable first for a major U.S. tech company — is bringing other manufacturers to the table to negotiate the details of other right-to-repair bills for the first time.

"We are in the middle of more conversations with manufacturers being way more cooperative than before," Nathan Proctor, who heads the U.S. Public Research Interest Group's right-to-repair campaign, told Grist. "And I think Microsoft's leadership and willingness to be first created that opportunity...."

Like other consumer tech giants, Microsoft has historically fought right-to-repair bills while restricting access to spare parts, tools, and repair documentation to its network of "authorized" repair partners. In 2019, the company even helped kill a repair bill in Washington state. But in recent years the company has started changing its tune on the issue. In 2021, following pressure from shareholders, Microsoft agreed to take steps to facilitate the repair of its devices — a first for a U.S. company. Microsoft followed through on the agreement by expanding access to spare parts and service tools, including through a partnership with the repair guide site iFixit. The tech giant also commissioned a study that found repairing Microsoft products instead of replacing them can dramatically reduce both waste and carbon emissions. Microsoft has also started engaging more cooperatively with lawmakers over right-to-repair bills. In late 2021 and 2022, the company met with legislators in both Washington and New York to discuss each state's respective right-to-repair bill. In both cases, lawmakers and advocates involved in the bill negotiations described the meetings as productive...

When Washington lawmakers revived their right-to-repair bill for the 2023 legislative cycle, Microsoft once again came to the negotiating table. From state senator and bill sponsor Joe Nguyen's perspective, Microsoft's view was, "We see this coming, we'd rather be part of the conversation than outside. And we want to make sure it is done in a thoughtful way." Proctor, whose organization was also involved in negotiating the Washington bill, said that Microsoft had a few specific requests, including that the bill require repair shops to possess a third-party technical certification and carry insurance. It was also important to Microsoft that the bill only cover products manufactured after the bill's implementation date, and that manufacturers be required to provide the public only the same parts and documents that their authorized repair providers already receive. Some of the company's requests, Proctor said, were "tough" for advocates to concede on. "But we did, because we thought what they were doing was in good faith."

"ThreatGPT, MedicalGPT, DateGPT and DirtyGPT are a mere sampling of the many outfits to apply for trademarks with the United States Patent and Trademark Office in recent months," notes TechCrunch, exploring the issue of whether OpenAI can actually trademark the phrase 'GPT'... Little wonder that after applying in late December for a trademark for "GPT," which stands for "Generative Pre-trained Transformer," OpenAI last month petitioned the USPTO to speed up the process, citing the "myriad infringements and counterfeit apps" beginning to spring into existence. Unfortunately for OpenAI, its petition was dismissed last week... Given the rest of the queue in which OpenAI finds itself, that means a decision could take up to five more months, says Jefferson Scher, a partner in the intellectual property group of Carr & Ferrell and chair of the firm's trademark practice group. Even then, the outcome isn't assured, Scher explains... [H]elpful, says Scher, is the fact that OpenAI has been using "GPT" for years, having released its original Generative Pre-trained Transformer model, or GPT-1, back in October 2018...

Even if a USPTO examiner has no problem with OpenAI's application, it will be moved afterward to a so-called opposition period, where other market participants can argue why the agency should deny the "GPT" trademark. Scher describes what would follow this way: In the case of OpenAI, an opposer would challenge Open AI's position that "GPT" is proprietary and that the public perceives it as such instead of perceiving the acronym to pertain to generative AI more broadly...

It all begs the question of why the company didn't move to protect "GPT" sooner. Here, Scher speculates that the company was "probably caught off guard" by its own success... Another wrinkle here is that OpenAI may soon be so famous that its renown becomes a dominant factor, says Scher. While one doesn't need to be famous to secure a trademark, once an outfit is widely enough recognized, it receives protection that extends far beyond its sphere. Rolex is too famous a trademark to be used on anything else, for instance.
Thanks to Slashdot reader rolodexter for sharing the article.

California has approved a groundbreaking rule to cut greenhouse gas emissions by limiting rail pollution, banning locomotives over 23 years old by 2030, increasing the use of zero-emissions technology for freight transportation, and imposing restrictions on idling. The Associated Press reports: The rule will ban locomotive engines more than 23 years old by 2030 and increase the use of zero-emissions technology to transport freight from ports and throughout railyards. It would also ban locomotives in the state from idling longer than 30 minutes if they are equipped with an automatic shutoff. The standards would also reduce chemicals that contribute to smog. They could improve air quality near railyards and ports.

The transportation sector contributed the largest share of greenhouse gas emissions nationwide in 2020, according to the Environmental Protection Agency. But rail only accounts for about 2% of those emissions. Other states can sign on to try to adopt the California rule if it gets the OK from the Biden administration. The rule is the most ambitious of its kind in the country. "The locomotive rule has the power to change the course of history for Californians who have suffered from train pollution for far too long, and it is my hope that our federal regulators follow California's lead," said Yasmine Agelidis, a lawyer with environmental nonprofit Earthjustice, in a statement.

A group of Senators on Wednesday announced bipartisan legislation that seeks to prevent an AI system from making nuclear launch decisions. "The Block Nuclear Launch by Autonomous Artificial Intelligence Act would prohibit the use of federal funds for launching any nuclear weapon by an automated system without 'meaningful human control,'" reports Ars Technica. From the report: The new bill builds on existing US Department of Defense policy, which states that in all cases, "the United States will maintain a human 'in the loop' for all actions critical to informing and executing decisions by the President to initiate and terminate nuclear weapon employment." The new bill aims to codify the Defense Department principle into law, and it also follows the recommendation of the National Security Commission on Artificial Intelligence, which called for the US to affirm its policy that only human beings can authorize the employment of nuclear weapons.

"While US military use of AI can be appropriate for enhancing national security purposes, use of AI for deploying nuclear weapons without a human chain of command and control is reckless, dangerous, and should be prohibited," Buck said in a statement. "I am proud to co-sponsor this legislation to ensure that human beings, not machines, have the final say over the most critical and sensitive military decisions."

An anonymous reader quotes a report from Wired: The U.S. Department of Justice, Mandiant, and Microsoft stumbled upon the SolarWinds breach six months earlier than previously reported, WIRED has learned, but were unaware of the significance of what they had found. The breach, publicly announced in December 2020, involved Russian hackers compromising the software maker SolarWinds and inserting a backdoor into software served to about 18,000 of its customers. That tainted software went on to infect at least nine US federal agencies, among them the Department of Justice (DOJ), the Department of Defense, Department of Homeland Security, and the Treasury Department, as well as top tech and security firms including Microsoft, Mandiant, Intel, Cisco, and Palo Alto Networks. The hackers had been in these various networks for between four and nine months before the campaign was exposed by Mandiant.

WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020 -- but the scale and significance of the breach wasn't immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it's not clear why the software maker was also brought onto the investigation.

It's not known what division of the DOJ experienced the breach, but representatives from the Justice Management Division and the US Trustee Program participated in discussions about the incident. The Trustee Program oversees the administration of bankruptcy cases and private trustees. The Management Division advises DOJ managers on budget and personnel management, ethics, procurement, and security. Investigators suspected the hackers had breached the DOJ server directly, possibly by exploiting a vulnerability in the Orion software. They reached out to SolarWinds to assist with the inquiry, but the company's engineers were unable to find a vulnerability in their code. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped. A month later, the DOJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite, the sources say. According to WIRED, the DOJ said it "notified the US Cybersecurity and Infrastructure Agency (CISA) about the breach at the time it occurred -- though a US National Security Agency spokesperson expressed frustration that the agency was not also notified."

"But in December 2020, when the public learned that a number of federal agencies were compromised in the SolarWinds campaign -- the DOJ among them -- neither the DOJ nor CISA revealed to the public that the operation had unknowingly been found months earlier. The DOJ initially said its chief information officer had discovered the breach on December 24."

Yesterday, Washington Governor Jay Inslee signed the My Health, My Data bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data. When the law comes into effect in March 2024, users will have the right to withdraw consent at any time and have their data deleted. The Verge reports: The law should help shield users' health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing "individually identifiable" health information without consent. The HIPAA Privacy Rule doesn't cover many of the health apps and sites that collect medical data, allowing them to freely collect and sell this information to advertisers.

Under Washington's new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that "openly communicates a consumer's freely given, informed, opt-in, voluntary, specific, and unambiguous written consent." The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it. Additionally, the bill will block medical providers from using geofencing to collect location information about the patients that visit the facility.

A former Apple employee has been sentenced to three years in prison and must pay back over $19 million in restitution for stealing around $17 million from the tech giant through mail and wire fraud schemes. From a report: Dhirendra Prasad, 55, was originally charged in March 2022 and later pleaded guilty to conspiring to defraud Apple and related tax crimes back in November last year. Prasad was employed at the company between 2008 and 2018, mostly working as a buyer in Apple's global service supply chain, purchasing parts and services from vendors. In his written plea agreement, Prasad admitted he started siphoning money from his employer around 2011 by accepting kickbacks, stealing parts, inflating invoices, and fraudulently charging Apple for goods that were never delivered. He also admitted to evading tax on the proceeds of his schemes and conspiring on these activities with the owners of two vendor companies, who have been charged in separate cases.

A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. From the report: The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). The guest access feature allows unauthenticated users to view specific content and resources without needing to log in.

However, sometimes Salesforce administrators mistakenly grant guest users access to internal resources, which can cause unauthorized users to access an organization's private information and lead to potential data leaks. Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant's full name, Social Security number, address, phone number, email, and bank account number.

An anonymous reader quotes a report from The Hacker News: Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was first discovered in the wild in December 2019.

The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Google Earth Pro and Google Chrome that are hosted on fake websites. [...] The major distributors of CryptBot, per Google, are suspected to be operating a "worldwide criminal enterprise" based out of Pakistan. Google said it intends to use the court order, granted by a federal judge in the Southern District of New York, to "take down current and future domains that are tied to the distribution of CryptBot," thereby kneecapping the spread of new infections.

schwit1 shares a report from Rolling Stone: It was a busy day for the live music industry in Washington [on Wednesday] as senators introduced multiple pieces of legislation aimed at improving transparency and competition in ticketing. One of the most common complaints among music fans in a long list of gripes about the modern ticketing industry is the hidden fees that get tacked on at the very end of a purchase, adding a deceptive extra costs customers won't even see until they've already selected their seats based on a different price. The Transparency in Charges for Key Events Ticketing, or TICKET Act, could end that annoyance. Introduced on Tuesday by U.S. Commerce Committee Chair Maria Cantwell (D-Wash) and committee ranking member Ted Cruz (R-Texas), the bill, if passed, would require ticket sellers for concerts and sporting events to disclose the total price of a ticket including fees right away. Fees themselves can be a significant addition for concert tickets, usually adding a 20 to 30-percent extra charge on tickets but sometimes well exceeding that. Joe Biden pushed for a reform on "junk fees" earlier this year.

While passing the new legislation wouldn't stop the actual fees themselves, it would certainly be a step forward in making the business more transparent for consumers. While the bill would pass all-in prices on a federal level, some states like New York already enacted the policy. "Right now, one company is leveraging its power to lock venues into exclusive contracts that last up to ten years, ensuring there is no room for potential competitors to get their foot in the door," Klobuchar said, seemingly referencing Ticketmaster but not mentioning it by name. "Without competition to incentivize better services and fair prices, we all suffer the consequences. The Unlock Ticketing Markets Act would help consumers, artists, and independent venue operators alike by making sure primary ticketing companies face pressure to innovate and improve."

Intellectual property laws cannot handle possibility artificial intelligence could invent things on its own. From a report: When members of the US supreme court refused this week to hear a groundbreaking case that sought to have an artificial intelligence system named as the inventor on a patent, it appeared to lay to rest a controversial idea that could have transformed the intellectual property field. The justices' decision, in the case of Thaler vs Vidal, leaves in place two lower court rulings that only "natural persons" can be awarded patents. The decision dealt a blow to claims that intelligent machines are already matching human creativity in important areas of the economy and deserve similar protections for their ideas. But while the court's decision blocked a potentially radical extension of patent rights, it has done nothing to calm growing worries that AI is threatening to upend other aspects of intellectual property law.

The US Patent and Trademark Office opened hearings on the issue this week, drawing warnings that AI-fuelled inventions might stretch existing understandings of how the patent system works and lead to a barrage of litigation. The flurry of concern has been prompted by the rapid rise of generative AI. Though known mainly from OpenAI's ChatGPT, the same technology is already being used to design semiconductors and suggest ideas for new molecules that might form the basis of useful drugs. For now, such uses of AI do not appear to pose a serious challenge to the patent system since the technology is being used as a tool to help humans shape ideas rather than operating independently, said Chris Morgan, an IP partner at law firm Reed Smith. However, referring to the possibility that AI systems might one day come up with inventions on their own, she added: "Our laws are not equipped, the way they're written right now, to handle that scenario."

mrflash818 writes: Colorado has enacted the nation's first state law guaranteeing farmers a right to repair tractors and other equipment themselves or at independent repair shops. Colorado Gov. Jared Polis, a Democrat, signed the bill yesterday. "I am proud to sign this important bipartisan legislation that saves hardworking farmers and ranchers time and money on repairs, and supports Colorado's thriving agriculture industry... Farmers and ranchers can lose precious weeks and months when equipment repairs are stalled due to long turnaround times by manufacturers and dealers. This bill will change that," Polis said.

The state House voted 46-14 in favor of the bill on April 11, while the Senate voted 21-12 on March 30. "The legislation advanced through long committee hearings, having been propelled forward mostly by Democrats even though a Republican lawmaker co-sponsored the bill," the Associated Press wrote. "The proposal left some GOP lawmakers stuck between their farming constituents pleading for the ability to repair their equipment and the manufacturers who vehemently opposed it." The law's requirements are scheduled to take effect on January 1, 2024. Farm equipment manufacturers will have "to provide parts, embedded software, firmware, tools, or documentation, such as diagnostic, maintenance, or repair manuals, diagrams, or similar information (resources), to independent repair providers and owners of the manufacturer's agricultural equipment," according to the legislature's summary of the Consumer Right To Repair Agricultural Equipment bill.

Brazilian court has ordered the nationwide suspension of the Telegram messaging app due to its parent company's failure to provide data on neo-Nazis operating on the platform, imposing a daily fine of approximately $198,000 until compliance is met. The action was taken as part of an investigation into neo-Nazi activity on social networks.

Agence France-Presse first reported the news.

A draft law that aims to criminalize and prosecute those who "create conditions for online piracy" has been approved by Bulgaria's Council of Ministers. The proposed amendments are Bulgaria's response to heavy criticism from the United States, most publicly via the USTR's Special 301 Reports. It's hoped that prison sentences of up to six years will send a deterrent message. TorrentFreak reports: Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue. "Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also considering the financial losses for the holders of these rights, which also affects the revenues in the state budget," the explanatory notes read.

The stated aim of the bill is to solve identified weaknesses by upgrading substantive law to counter computer-related crimes against intellectual property. The text references those who "build or maintain" an information system or provide a service to the information society for the purpose of committing crimes. The notes offer further clarification. "The bill aims to prosecute those who create conditions for online piracy -- for example, by building and maintaining torrent tracker sites, web platforms, chat groups in online communication applications for the online exchange of pirated content, and any other activities that may fall within the definition of 'information society service' within the meaning of the Electronic Commerce Act (pdf) and which are carried out with the specified criminal purpose."

The Bulgarian government notes that the amendments are part of its response to criticism in the USTR's Special 301 Report. [When countries are placed on the USTR's 'Watch List' for failing to combat piracy, most can expect years of pressure punctuated by annual Special 301 Reports declaring more needs to be done. Bulgaria was on the Watch List in 2015 when the USTR reported "incremental progress" in the country's ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver.] The fact that Bulgaria has been absent from the 'Watch List' for the last five years is down to "specific commitments" made by the authorities, with progress being monitored closely by the United States in respect of Bulgaria's future status. The draft approved by the Council of Ministers last week envisions sentences of up to six years imprisonment and a fine of up to $5,600. According to the draft, there is no intent to prosecute individual users who simply consume pirated content.

In a blog post today, the Free Software Foundation is calling on the Internal Revenue Service (IRS) to provide free/libre tax-filing software for Americans to file their taxes, citing upcoming legislation that allocates funds for the agency to explore a government-operated gratis tax return system. "Many feel they have no other option than to use nonfree software or a Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file taxes," writes the FSF.

$15 million of the $80 billion that was approved for the IRS by the Inflation Reduction Act includes the promise to further explore an "electronic service to prepare and file tax returns directly with the IRS." To do so, the IRS intends to "study taxpayer preferences for products. The results of the study will inform if and how the IRS should design such a service." The FSF writes: Let's call on the IRS to make a website for filing your tax return which respects your freedom. This is your chance. Write to the new IRS commissioner Daniel Werfel with your message. [...] Look up the address of your state's tax filing institution and send your letter to this address. Post your letter on social media to inspire others to do the same.

An anonymous reader quotes a report from Ars Technica: The European Commission will require 19 large online platforms and search engines to comply with new online content regulations starting on August 25, European officials said. The EC specified which companies must comply with the rules for the first time, announcing today that it "adopted the first designation decisions under the Digital Services Act." Five of the 19 platforms are run by Google, specifically YouTube, Google Search, the Google Play app and digital media store, Google Maps, and Google Shopping. Meta-owned Facebook and Instagram are on the list, as are Amazon's online store, Apple's App Store, Microsoft's Bing search engine, TikTok, Twitter, and Wikipedia. These platforms were designated because they each reported having over 45 million active users in the EU as of February 17. The other listed platforms are Alibaba AliExpress, Booking.com, LinkedIn, Pinterest, Snapchat, and German online retailer Zalando.

Companies have four months to comply with the full set of new obligations and could face fines of up to 6 percent of a provider's annual revenue. One new rule is a ban on advertisements that target users based on sensitive data such as ethnic origin, political opinions, or sexual orientation. There are new content moderation requirements, transparency rules, and protections for minors. For example, "targeted advertising based on profiling towards children is no longer permitted," the EC said. Companies will have to provide their first annual risk assessment on August 25, and their risk mitigation plans will be subject to independent audits and oversight by the European Commission. "Platforms will have to identify, analyze and mitigate a wide array of systemic risks ranging from how illegal content and disinformation can be amplified on their services, to the impact on the freedom of expression and media freedom," the EC said. "Similarly, specific risks around gender-based violence online and the protection of minors online and their mental health must be assessed and mitigated." The new requirements for the 19 platforms include:
- Users will get clear information on why they are recommended certain information and will have the right to opt-out from recommendation systems based on profiling;
- Users will be able to report illegal content easily and platforms have to process such reports diligently; - Platforms need to label all ads and inform users on who is promoting them;
- Platforms need to provide an easily understandable, plain-language summary of their terms and conditions, in the languages of the Member States where they operate.

Platforms will be required to "analyze their specific risks, and put in place mitigation measures -- for instance, to address the spread of disinformation and inauthentic use of their service," the EC said. They will also "have to redesign their systems to ensure a high level of privacy, security, and safety to minors."

Microsoft's Edge browser appears to be sending URLs you visit to its Bing API website. Reddit users first spotted the privacy issues with Edge last week, noticing that the latest version of Microsoft Edge sends a request to bingapis.com with the full URL of nearly every page you navigate to. Microsoft tells The Verge it's investigating the reports. From a report: "Searching for references to this URL give very few results, no documentation on this feature at all," said hackermchackface, the Reddit user who first discovered the issue. While Reddit users weren't able to uncover why Microsoft Edge is sending the URLs you visit to its Bing API site, we asked Rafael Rivera, a software engineer and one of the developers behind EarTrumpet, to investigate, and he discovered it's part of a poorly implemented new feature in Edge. "Microsoft Edge now has a creator follow feature that is enabled by default," says Rivera in a conversation with The Verge. "It appears the intent was to notify Bing when you're on certain pages, such as YouTube, The Verge, and Reddit. But it doesn't appear to be working correctly, instead sending nearly every domain you visit to Bing."

Daniel Shin, the co-founder of Terraform Labs, was indicted in South Korea in connection with the collapsed Terra and Luna cryptocurrencies. From a report: According to reports from Bloomberg and the local Yonhap News Agency, Shin was charged on Tuesday with offenses including fraud, breach of duty, and embezzlement. Prosecutors at Seoul Southern District Court also indicted nine other people with ties to Terra, some of whom had roles in marketing, systems development, and management, as reported by Bloomberg. The outlet also reports that prosecutors have frozen a total of 246.8 billion won (about $184.7 million) in assets from the individuals they charged.

WhatsApp users are no longer restricted to using their account on just a single phone. Today, the Meta-owned messaging service is announcing that its multi-device feature -- which previously allowed you to access and send messages from additional Android tablets, browsers, or computers alongside your primary phone -- is expanding to support additional smartphones. From a report: "One WhatsApp account, now across multiple phones" is how the service describes the feature, which it says is rolling out to everyone in the coming weeks. Setting up a secondary phone to use with your WhatsApp account happens after doing a fresh install of the app. Except, rather than entering your phone number during setup and logging in as usual, you instead tap a new "link to existing account" option. This will generate a QR code to be scanned by your primary WhatsApp phone via the "link a device" option in settings. The new feature works across both iOS and Android devices. WhatsApp is pitching the feature as a useful tool for small businesses that might want multiple employees to be able to send and receive messages from the same business number via different phones.