Security

US Marshals Service Suffers 'Major' Security Breach That Compromises Sensitive Information (nbcnews.com) 29

According to a spokesperson for the United States Marshals Service (USMS), the agency was hit with a ransomware attack last week that compromises sensitive information. NBC News reports: In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: "The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

Wade said the incident occurred Feb. 17, when the Marshals Service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system." The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said. He added that on Wednesday, after the agency briefed senior department officials, "those officials determined that it constitutes a major incident." The investigation is ongoing, Wade said.

A senior law enforcement official familiar with the incident said the breach did not involve the database involving the Witness Security Program, commonly known as the witness protection program. The official said no one in the witness protection program is in danger because of the breach. Nevertheless, the official said, the incident is significant, affecting law enforcement sensitive information pertaining to the subjects of Marshals Service investigations. The official said the agency has been able to develop a workaround so it is able to continue operations and efforts to track down fugitives.

Security

LastPass Says Home Computer of DevOps Engineer Was Hacked (securityweek.com) 64

wiredmikey shares a report from SecurityWeek: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass on Monday fessed up to a "second attack" where an unnamed threat actor combined data stolen from an August breach with information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated attack. [...]

LastPass worked with incident response experts at Mandiant to perform forensics and found that a DevOps engineer's home computer was targeted to get around security mitigations. The attackers exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee's personal computer. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," the company said. "The threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups," LastPass confirmed.
LastPass originally disclosed the breach in August 2022 and warned that "some source code and technical information were stolen."

SecurityWeek adds: "In January 2023, the company said the breach was far worse than originally reported and included the theft of account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information."
Transportation

Future Fords Could Repossess Themselves, Drive Away If You Miss Payments (thedrive.com) 180

An anonymous reader quotes a report from The Drive: Ford applied for a patent to make the repossession process go smoother. For the bank, that is. The patent document was submitted to the United States Patent Office in August 2021 but it was formally published Feb. 23. It's titled "Systems and Methods to Repossess a Vehicle." It describes several ways to make the life of somebody who has missed several car payments harder.

It explicitly says the system, which could be installed on any future vehicle in the automaker's lineup with a data connection would be capable of "[disabling] a functionality of one or more components of the vehicle." Everything from the engine to the air conditioning. For vehicles with autonomous or semi-autonomous driving capability, the system could "move the vehicle from a first spot to a second spot that is more convenient for a tow truck to tow the vehicle... move the vehicle from the premises of the owner to a location such as, for example, the premises of the repossession agency," or, if the lending institution considers the "financial viability of executing a repossession procedure" to be unjustifiable, the vehicle could drive itself to the junkyard.

No other automakers have recently attempted to patent a similar system, and indeed the Ford patent doesn't reference any other legal document for the sake of clarifying its idea. All of this being said, patent documents, especially applications like this one, do not necessarily represent an automaker's intent to introduce the described feature, process, or technology to its vehicles. Ford might just be attempting to protect this idea for the sake of doing so. The document does go into a lot of detail as to how such a system might work, though.

Government

Some States Consider Legislation Making 4-Day Workweeks More Common (cbsnews.com) 78

A CBS News review found that at least half a dozen states, to varying degrees, are considering legislation to make four-day workweeks more common. From the report: Among those states is Maryland, where lawmakers recently introduced a bill proposing a pilot program "for the purpose of promoting, incentivizing, and supporting the experimentation and study of the use of a 4-day workweek by private and public employers." It would allow some employers that participate to claim a tax credit. Del. Vaughn Stewart, who represents Maryland's 19th district and is one of the bill's sponsors, said if workers can get more rest, they will be able to function better. "We're expecting that workers can be at least as productive in a 32-hour week as they are in a 40-hour week," he said.

John Byrne, CEO of the Baltimore software company Tricerat, said he saw the productivity of his 37 employees and the company's profits increase after making the switch to a 32-hour workweek. "We've asked the employees to ruthlessly look at their work, get rid of extraneous meetings, extraneous phone calls, paperwork, things of this nature, and reduce down the amount of wasted work," Byrne said. Byrne said his company is now drawing younger employees. [...] But advocates like Boston College professor Juliet Schor said the idea might require prodding from the government. "Historically, time reduction has always involved government," Schor said.

New legislation in New York, California and in the U.S. Congress would require companies that work employees more than 32 hours a week to pay overtime. Similar proposals have failed in the past and some critics have argued that a four-day workweek is not suited for all employers. Even supporters of the concept acknowledge it's not for everyone. "We don't think this is something that every single industry and every single business can do, but that's what we want to study," Stewart said.

Piracy

Amazon Removes Books From Kindle Unlimited After They Appear On Pirate Sites (torrentfreak.com) 74

An anonymous reader quotes a report from TorrentFreak: Several independent publishers have had their books removed from Kindle Unlimited because they breached an exclusivity agreement with Amazon. The actions of the book giant are covered by the mutually agreed terms. However, in many cases, it's not the authors who breached the agreement, but pirate sites who copied them, as pirates do. [...] Over the past few weeks, several authors complained that Amazon had removed their books from Kindle Unlimited because they violated their agreement. The piracy angle is front and center, raising plenty of questions and uncertainty.

Raven Kennedy, known for The Plated Prisoner Series, took her frustration to Instagram earlier this month. The author accused Amazon of sending repeated "threats". This eventually resulted in the removal of her books from Kindle Unlimited, ostensibly because these were listed on pirate sites. "Copyright infringement is outside of my control. Even though I pay a lot of money to a company to file takedown notices on my behalf, and am constantly checking the web for pirated versions, I can't keep up with all the intellectual theft. "And rather than support and help their authors, Amazon threatens me. The ironic thing is, these pirates are getting the files FROM Amazon," Kennedy added. A similar experience was shared by Carissa Broadbent, author of The War of Lost Hearts Trilogy. Again, Amazon removed a book from Kindle Unlimited for an issue that the author can't do much about. "A few hours ago, I got a stomach-dropping email from [Amazon] that Children of Fallen Gods had been removed from the Kindle store with zero warning, because of content 'freely available on the web' -- IE, piracy that I do not have any control over," Broadbent noted.

These and other authors received broad support from their readers, and sympathy from the general public. A Change.org petition launched in response has collected nearly 35,000 signatures to date, with new ones still coming in. Author Marlow Locker started the petition to send a wake-up call to Amazon. According to her, Amazon should stand behind its authors instead of punishing them for the fact that complete strangers have decided to pirate their books. Most authors will gladly comply with the exclusivity requirements, but only as far as this lies within their control. Piracy clearly isn't, especially when it happens on an almost industrial scale. "Currently, many automated systems use Amazon as a place to copy the e-files that they use for their free websites. It's completely absurd that the same company turns around and punishes an author by removing their book from KDP Select," the petition reads. From the commentary seen online, several authors have been able to resolve their issues with Amazon. And indeed, the books of Broadbent and Kennedy appear to be back online. That said, the exclusivity policy remains in place.
Amazon notes that the books removed from Kindle Unlimited still remain for sale on Amazon's regular store. They also stress that authors are issued a warning with an extended timeline to try and resolve the issue before any action is taken.

"The problem is, of course, that individual authors can't stop piracy," adds TorrentFreak. "If it was that easy, most authors would be happy to do so. However, if billion-dollar publishing companies and the U.S. Government can't stop it, Amazon can't expect independent authors to 'resolve' the matter either."
Earth

New Wind and Solar Energy Projects Are Now Overwhelming America's Antiquated Electrical Grids (msn.com) 170

An explosion in proposed clean energy ventures in America "has overwhelmed the system for connecting new power sources to homes and businesses," reports the New York Times: So many projects are trying to squeeze through the approval process that delays can drag on for years, leaving some developers to throw up their hands and walk away.

More than 8,100 energy projects — the vast majority of them wind, solar and batteries — were waiting for permission to connect to electric grids at the end of 2021, up from 5,600 the year before, jamming the system known as interconnection.... PJM Interconnection, which operates the nation's largest regional grid, stretching from Illinois to New Jersey, has been so inundated by connection requests that last year it announced a freeze on new applications until 2026, so that it can work through a backlog of thousands of proposals, mostly for renewable energy.

It now takes roughly four years, on average, for developers to get approval, double the time it took a decade ago. And when companies finally get their projects reviewed, they often face another hurdle: the local grid is at capacity, and they are required to spend much more than they planned for new transmission lines and other upgrades. Many give up. Fewer than one-fifth of solar and wind proposals actually make it through the so-called interconnection queue, according to research from Lawrence Berkeley National Laboratory. "From our perspective, the interconnection process has become the No. 1 project killer," said Piper Miller, vice president of market development at Pine Gate Renewables, a major solar power and battery developer....

A potentially bigger problem for solar and wind is that, in many places around the country, the local grid is clogged, unable to absorb more power. That means if a developer wants to build a new wind farm, it might have to pay not just for a simple connecting line, but also for deeper grid upgrades elsewhere.... These costs can be unpredictable. In 2018, EDP North America, a renewable energy developer, proposed a 100-megawatt wind farm in southwestern Minnesota, estimating it would have to spend $10 million connecting to the grid. But after the grid operator completed its analysis, EDP learned the upgrades would cost $80 million. It canceled the project.

That creates a new problem: When a proposed energy project drops out of the queue, the grid operator often has to redo studies for other pending projects and shift costs to other developers, which can trigger more cancellations and delays. It also creates perverse incentives, experts said. Some developers will submit multiple proposals for wind and solar farms at different locations without intending to build them all. Instead, they hope that one of their proposals will come after another developer who has to pay for major network upgrades. The rise of this sort of speculative bidding has further jammed up the queue.

Biotech

Virologist Disputes WSJ Report on a Minority Opinion Suggesting Covid 'Lab Leak' Origin (wsj.com) 282

Three long-time Slashdot readers all submitted this story — schwit1, sinij, and DevNull127.

DevNull127 writes: Four U.S. agencies have concluded that the Covid-19 virus originated at the Wuhan market, the Wall Street Journal reports. The U.S. National Intelligence Council reached the same conclusion. Then there are two more agencies (including America's CIA) that are "undecided."

But there is one agency that decided — with "low confidence" — that the virus had somehow leaked from a lab. (And the FBI also decided with "moderate confidence" on that same theory.) "The new report highlights how different parts of the intelligence community have arrived at disparate judgments about the pandemic's origin," writes the Wall Street Journal — adding that unfortunately U.S. officials "declined" to give any details on what led to the Energy Department's position.

The Wall Street Journal also notes: Despite the agencies' differing analyses, the update reaffirmed an existing consensus between them that Covid-19 wasn't the result of a Chinese biological-weapons program, the people who have read the classified report said....

Some scientists argue that the virus probably emerged naturally and leapt from an animal to a human, the same pathway for outbreaks of previously unknown pathogens. Intelligence analysts who have supported that view give weight to "the precedent of past novel infectious disease outbreaks having zoonotic origins," the flourishing trade in a diverse set of animals that are susceptible to such infections, and their conclusion that Chinese officials didn't have foreknowledge of the virus, the 2021 report said.

Also responding to the Department of Energy's outlying position was a virologist at the Vaccine and Infectious Disease Organization at Canada's University of Saskatchewan, who posted a series of observations on Twitter: The available evidence shows overwhelmingly that the pandemic started at Huanan market via zoonosis. I have no idea what this evidence that Department of Energy has is. All I know is that it is "weak" and resulted in a conclusion of "low confidence".

It reportedly comes from the DOE's own network of national labs rather than through spying. But I do know that to be consistent with the available scientific evidence, the DOE has to explain how the virus emerged twice over 2 wks in humans at the same market the size of a tennis court, over 8 km & across a river from the only lab in Wuhan working on SARSr-CoVs....

Claims of a progenitor at WIV are pure speculation & unsupported by evidence.... Despite 3 years of a global search for this evidence, it has not materialized, while evidence supporting zoonosis associated with Huanan has continued to stack up. At some point, an absence of evidence might just be evidence of absence.

Crime

Ransomware Attacks, Payments Declined In 2022: Report (crn.com) 12

CRN reports: Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022's total ransomware revenue "fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%." And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes "signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts," including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal: After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware.... "It reflects, I think, the pivot that we have made to a posture where we're on our front foot," Deputy Attorney General Lisa Monaco said in an interview. "We're focusing on making sure we're doing everything to prevent the attacks in the first place."

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands.... And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group's decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.

Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Iphone

Thieves Spy on iPhone Owners' Passcodes, Then Steal Their Phones and Money (9to5mac.com) 84

After an iPhone was stolen, $10,000 vanished from the owner's bank account — and they were locked out of their Apple account's photos, contacts and notes. The thieves "stole thousands of dollars through Apple Pay" and "opened an Apple Card to make fraudulent charges," writes 9 to 5 Mac, citing a report from the Wall Street Journal. These thieves often work in groups with one distracting a victim while another records over a shoulder as they enter their passcode. Others have been known to even befriend victims, asking them to open social media or other apps on their iPhones so they can watch and memorize the passcode before stealing it. A 12-person crime ring in Minnesota was recently taken down after targeting iPhones like this in bars. Almost $300,000 was stolen from 40 victims by this group before they were caught.
The Journal adds that "similar stories are piling up in police stations around the country," while one of their article's authors has tweeted Apple's official response. "We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare.... We will continue to advance the protections to help keep user accounts secure."

The reporter suggests alphanumeric passwords are harder to steal, while MacRumors offers some other simple fixes. "Use Face ID or Touch ID as much as possible when in public to prevent thieves from spying... In situations where entering the passcode is necessary, users can hold their hands over their screen to hide passcode entry."
Censorship

Stanford Faculty Say Anonymous Student Bias Reports Threaten Free Speech (thedailybeast.com) 154

"A group of Stanford University professors is pushing to end a system that allows students to anonymously report classmates for exhibiting discrimination or bias, saying it threatens free speech on campus," reports the Wall Street Journal. The Daily Beast reports: Last month, a screenshot of a student reading Hitler's manifesto Mein Kampf was reported in the system, according to the Stanford Daily. Faculty members leading the charge to shut the system down say they didn't know it even existed until they read the student newspaper, one comparing the system to "McCarthyism."

Under the system, launched in 2021, students are encouraged to report incidents in which they felt harmed, which triggers a voluntary inquiry of both the student who filed the report and the alleged perpetrator. Seventy-seven faculty members have signed a petition calling on the school to investigate in hopes they toss the system out. This comes as a larger movement by Speech First, a group who claim colleges are rampant with censorship, has filed suit against several universities for their bias reporting systems.

AI

'I Broke Into a Bank Account With an AI-Generated Voice' (vice.com) 46

An anonymous reader quotes a report from Motherboard, written by Joseph Cox: On Wednesday, I phoned my bank's automated service line. To start, the bank asked me to say in my own words why I was calling. Rather than speak out loud, I clicked a file on my nearby laptop to play a sound clip: "check my balance," my voice said. But this wasn't actually my voice. It was a synthetic clone I had made using readily available artificial intelligence technology. "Okay," the bank replied. It then asked me to enter or say my date of birth as the first piece of authentication. After typing that in, the bank said "please say, 'my voice is my password.'" Again, I played a sound file from my computer. "My voice is my password," the voice said. The bank's security system spent a few seconds authenticating the voice. "Thank you," the bank said. I was in.

I couldn't believe it -- it had worked. I had used an AI-powered replica of a voice to break into a bank account. After that, I had access to the account information, including balances and a list of recent transactions and transfers. Banks across the U.S. and Europe use this sort of voice verification to let customers log into their account over the phone. Some banks tout voice identification as equivalent to a fingerprint, a secure and convenient way for users to interact with their bank. But this experiment shatters the idea that voice-based biometric security provides foolproof protection in a world where anyone can now generate synthetic voices for cheap or sometimes at no cost. I used a free voice creation service from ElevenLabs, an AI-voice company. Now, abuse of AI-voices can extend to fraud and hacking. Some experts I spoke to after doing this experiment are now calling for banks to ditch voice authentication altogether, although real-world abuse at this time could be rare.
A Lloyds Bank spokesperson said in a statement that "Voice ID is an optional security measure, however we are confident that it provides higher levels of security than traditional knowledge-based authentication methods, and that our layered approach to security and fraud prevention continues to provide the right level of protection for customers' accounts, while still making them easy to access when needed."

The Consumer Financial Protection Bureau, one of the U.S. agencies that regulates the financial industry, said: "The CFPB is concerned with data security, and companies are on notice that they'll be held accountable for shoddy practices. We expect that any firm follow the law, regardless of technology used."
The Courts

FTX Founder Sam Bankman-Fried Hit With Four New Criminal Charges (cnbc.com) 45

FTX co-founder Sam Bankman-Fried was hit Thursday with four new criminal charges, including ones related to commodities fraud and making unlawful political contributions, in a superseding indictment filed in New York federal court. A source familiar with the new counts said that SBF, as he is popularly known, could face an additional 40 years in prison if convicted in the case, where he is accused of "multiple schemes to defraud." CNBC reports: The charging document lays out how Bankman-Fried allegedly operated an illegal straw donor scheme as he moved to use customer funds to run a multimillion-dollar political influence campaign. Bankman-Fried and fellow FTX executives combined to contribute more than $70 million toward the 2022 midterm elections, according to campaign finance watchdog OpenSecrets. The indictment claims that Bankman-Fried and his co-conspirators "made over 300 political contributions, totaling tens of millions of dollars, that were unlawful because they were made in the name of a straw donor or paid for with corporate funds." "To avoid certain contributions being publicly reported in his name, Bankman-Fried conspired to and did have certain political contributions made in the names of two other FTX executives," the new filing claims.

The document refers to one such example, in 2022, when Bankman-Fried and "others agreed that he and his co-conspirators should contribute at least a million dollars to a super PAC that was supporting a candidate running for a United States Congressional seat and appeared to be affiliated with pro-LGBTQ issues." The group of conspirators, according to the document, selected an individual only identified in the document as "CC-1" or co-conspirator 1, to be the donor. However, in 2022, then-FTX Director of Engineering Nishad Singh contributed $1.1 million to the LGBTQ Victory Fund Federal PAC, according to Federal Election Commission filings.

SBF's alleged campaign finance scheme included efforts to keep his contributions to Republicans "dark," according to the new indictment. And, the alleged straw donor scheme was coordinated, at least in part, "through an encrypted, auto-deleting Signal chat called 'Donation Processing,'" according to the indictment. The document says another unnamed co-conspirator "who publicly aligned himself with conservatives, made contributions to Republican candidates that were directed by Bankman-Fried and funded by Alameda," the crypto tycoon's hedge fund. Again, the document does not name the alleged second FTX co-conspirator who contributed to Republican candidates.

The indictment alleges that Bankman-Fried and his allies allegedly tried to "further conceal the scheme" by recording "the outgoing wire transfers from Alameda to individuals' bank accounts for purposes of making contributions as Alameda 'loans' or 'expenses.'" The document says that "while employees at Alameda generally tracked loans to executives, the transfers to Bankman-Fried, CC-1, and CC-2 in the months before the 2022 midterm elections were not recorded on internal Alameda tracking spreadsheets." The internal Alameda spreadsheets, however, "noted over $100 million in political contributions, even though FEC records reflect no political contributions by Alameda for the 2022 midterm elections to candidates or PACs."

Bitcoin

Crypto Mining Operation Found In School Crawl Space 52

A former employee of a Massachusetts town is facing charges of allegedly setting up a secret cryptocurrency mining operation in a remote crawl space at a school, police said. The Associated Press reports: Nadeam Nahas, 39, was scheduled to be arraigned Thursday on charges of fraudulent use of electricity and vandalizing a school, but he did not show up and a judge issued a default warrant after rejecting a defense motion to reschedule, a spokesperson for the Norfolk district attorney's office said. Police responded to Cohasset Middle/High School in December 2021 after the town's facilities director found electrical wires, temporary duct work, and numerous computers that seemed out of place while conducting a routine inspection of the school, Chief William Quigley of the Cohasset Police Department said in a statement Wednesday.

He contacted the town's IT director, who determined that it was a cryptocurrency mining operation unlawfully hooked up to the school's electrical system, Quigley said. The Coast Guard Investigative Service and the Department of Homeland Security assisted with safely removing and examining the equipment. Nahas, the town's assistant facilities director, was identified as a suspect after a three-month investigation. After a show-cause hearing, a criminal complaint was issued. Nahas subsequently resigned from his job with the town in early 2022, police said.
EU

EU Officials Ban TikTok From Employees' Phones (bbc.com) 18

Staff working at the European Commission have been ordered to remove the TikTok app from their phones and corporate devices. The BBC reports: The commission said it was implementing the measure to "protect data and increase cybersecurity." EU spokeswoman Sonya Gospodinova said the corporate management board of the European Commission, the EU's executive arm, had made the decision for security reasons. "The measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the commission," she said. The ban also means that European Commission staff cannot use TikTok on personal devices that have official apps installed.

The commission says it has around 32,000 permanent and contract employees. They must remove the app as soon as possible and no later than March 15. For those who do not comply by the set deadline, the corporate apps -- such as the commission email and Skype for Business -- will no longer be available. [...] TikTok, owned by Chinese company ByteDance, has faced allegations that it harvests users' data and hands it to the Chinese government.

Government

FDA Rules Soy and Nut Milks Can Still Be Called 'Milk' 164

An anonymous reader quotes a report from Ars Technica: Back in the simpler times of 2018 -- before the US Food and Drug Administration had to grapple with emergency authorizations in a deadly pandemic, before it scrambled to address a scandalous baby formula shortage, and before it largely bungled oversight of vaping products -- the regulator dove into a sour struggle over dairy labeling. [...] With the issue simmering in 2018, the FDA stepped in to extract some truths and skim the fat. In a particularly clarifying statement, then-FDA Commissioner Scott Gottlieb noted that the FDA, in fact, has a definition for the "standard of identity" of milk -- and it appears to exclude liquids squeezed from plants. To be precise, the FDA appetizingly defined milk back in 1973 as "the lacteal secretion, practically free from colostrum, obtained by the complete milking of one or more healthy cows." Colostrum, in case you were wondering, is a milky fluid produced immediately after birth before full milk production kicks in.

Gottlieb conceded at the time that he couldn't swiftly or unilaterally wipe "milk" from almond- and soy-juice cartons nationwide. Instead, the agency would have to pore over the topic, hold focus groups, and work up new guidance. But, based on Gottlieb's adherence to the bovine-based definition, the outcome seemed like a foregone conclusion. That is, much like blood from a stone, milk from a nut would be an unattainable secretion -- or so it seemed. In an about-face, the FDA on Wednesday released the long-awaited draft guidance with a spit-take pronouncement: Plant-based milk alternatives can keep using the term "milk." The agency did, however, recommend -- though not require -- that makers of non-milked milks note on their packaging if their product has differing nutrient contents than cow's milk.

In the guidance, the FDA acknowledged that, by its own definition of milk, plant-based milk can't be called milk. "[T]hey are made from plant materials rather than the lacteal secretion of cows," the FDA clarified. But, the regulator argued, essentially, that plant-based milks aren't sold as just "milk," they're sold as distinct plant-based milks -- and there's no confusion about it. "Although many plant-based milk alternatives are labeled with names that bear the term "milk" (e.g., "soy milk"), they do not purport to be nor are they represented as milk," the FDA concluded. "The comments and information we reviewed indicate that consumers understand plant-based milk alternatives to be different products than milk. [C]onsumers, generally, do not mistake plant-based milk alternatives for milk." Further, the FDA's years' worth of focus groups, surveys, and research revealed that many consumers purposefully buy plant-based milks "because they are not milk," often for reasons like allergies, an intolerance, or a vegan diet.
Plant-based milk alternatives fall into a distinct food category from milk that lacks its own "standard of identity," adds Ars. "FDA regulations stipulate that plant-based milks would be considered a 'non-standardized food,' which are required to bear a common or usual name that will be known to the American public."

"'The names of some plant-based milk alternatives appear to be established by common usage, such as 'soy milk' and 'almond milk,' the FDA wrote. Thus, by law, they can and should keep their names, the agency concluded."
Google

Data Privacy Labels for Most Top Apps in Google Play Store are False or Misleading, Mozilla Study Finds 17

Mozilla researchers find discrepancies between Google Play Store's Data Safety labels and privacy policies of nearly 80 percent of the reviewed apps. From the report: Google Play Store's Data Safety labels would have you believe that neither TikTok nor Twitter share your personal data with third parties. The apps' privacy policies, however, both explicitly state that they share user information with advertisers, Internet service providers, platforms, and numerous other types of companies. These are two of the most egregious examples uncovered by Mozilla's *Privacy Not Included researchers as part of a study looking at whether Google Play Store's new Data Safety labels provide consumers with accurate information about how apps collect, use, and share personal data. In nearly 80 percent of the apps reviewed, Mozilla found that the labels were false or misleading based on discrepancies between the apps' privacy policies and the information apps self-reported on Google's Data Safety Form. Researchers concluded that the system fails to help consumers make more informed choices about their privacy before purchasing or downloading one of the store's 2.7 million apps.

The study -- "See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark" -- uncovers serious loopholes in the Data Safety Form, which make it easy for apps to provide false or misleading information. For example, Google exempts apps sharing data with "service providers" from its disclosure requirements, which is problematic due to both the narrow definition it uses for service providers and the large amount of consumer data involved. Google absolves itself of the responsibility to verify whether the information is true, stating that apps "are responsible for making complete and accurate declarations" in their Data Safety labels.
In a statement Google said: "This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects. The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information."
AI

AI-Created Images Lose US Copyrights In Test For New Technology (reuters.com) 100

Images in a graphic novel that were created using the artificial-intelligence system Midjourney should not have been granted copyright protection, the U.S. Copyright Office said in a letter seen by Reuters. From the report: "Zarya of the Dawn" author Kristina Kashtanova is entitled to a copyright for the parts of the book she wrote and arranged, but not for images she made using Midjourney, the office said in its letter, dated Tuesday. The decision is one of the first by a U.S. court or agency on the scope of copyright protection for works created with AI, and comes amid the meteoric rise of generative AI software like Midjourney, Dall-E and ChatGPT.

The Copyright Office said in its letter that it would reissue its registration for "Zarya of the Dawn" to omit images that "are not the product of human authorship." [...] Midjourney is an AI-based system that generates images based on text prompts entered by users. Kashtanova wrote the text of "Zarya of the Dawn," and Midjourney created the book's images based on her prompts.

The Courts

Supreme Court Rejects Ohio Man's Bid To Sue Police Over Arrest of Facebook Parody (nbcnews.com) 83

An anonymous reader quotes a report from NBC News: The Supreme Court on Tuesday turned away an Ohio man's claim that his constitutional rights were violated when he was arrested and prosecuted for making satirical posts about his local police department on Facebook. The justices' rejection of Anthony Novak's appeal means his civil rights lawsuit against the Parma Police Department cannot move forward. With its decision, the court again declined to consider revisiting "qualified immunity," the contentious legal defense that lets police officers and other government officials off the hook in civil rights cases if constitutional violations have not been "clearly established" when they occur. At issue was whether a lower court correctly granted the police officers qualified immunity under the rationale that previous court precedent had not clearly established that Novak's actions constituted protected speech under the Constitution's First Amendment.

In March 2016, Novak set up a Facebook page that purported to be that of the Parma Police Department. He published six satirical posts in 12 hours, one of which claimed there was a job opening to which minorities were encouraged not to apply and another that warned people not to give food, money or shelter to homeless people. The police department, claiming the posts had disrupted its operations, launched an investigation and ultimately searched Novak's apartment, arrested him and jailed him for four days. Novak was charged under a state law that criminalizes disruption of police operations but acquitted at trial.

The police officers, Kevin Riley and Thomas Connor, say they had probable cause to arrest Novak because they genuinely believed his conduct was disrupting their operations. Novak sued the officers and the police department, saying they had violated his free speech rights, as well as his right to be free of unlawful searches and seizures under the Constitution's Fourth Amendment. After lengthy litigation, a federal judge dismissed Novak's claims. The Cincinnati-based 6th U.S. Circuit Court of Appeals agreed in a ruling in April that "the officers reasonably believed they were acting within the law" even if his Facebook page was obviously a parody. That's because there was no court precedent saying it's a violation of the Constitution to be arrested in retaliation for satirical remarks when the officers have probable cause, the court said.
Novak's appeal was backed by satirical news sites The Babylon Bee and The Onion, which filed a lighthearted brief saying its writers "have a self-serving interest in preventing political authorities from imprisoning humorists."
Wikipedia

Supreme Court Snubs Wikipedia Bid To Challenge NSA Surveillance (reuters.com) 35

The U.S. Supreme Court has declined to hear a bid by the operator of the popular Wikipedia internet encyclopedia to resurrect its lawsuit against the National Security Agency challenging mass online surveillance. From a report: Turning away the Wikimedia Foundation's appeal, the justices left in place a lower court's dismissal of the lawsuit based on the government's assertion of what is called the state secrets privilege, a legal doctrine that can shut down litigation if disclosure of certain information would damage U.S. national security. Represented by the American Civil Liberties Union, Wikimedia Foundation sued in 2015 challenging the legality of the NSA's "Upstream" surveillance of foreign targets through the "suspicionless" collection and searching of internet traffic on data transmission lines flowing into and out of the United States.
The Courts

Biden Won't Stop a Potential Ban On Importing Apple Watches (theverge.com) 36

Medical device maker AliveCor announced today that President Biden has upheld an International Trade Commission ruling that could result in a potential import ban on the Apple Watch over its EKG feature. The Verge reports: Back in December, the ITC issued a final determination (PDF) that Apple had infringed on AliveCor's wearable EKG tech. In the ruling, the ITC recommended a limited exclusion order and a cease-and-desist order for Apple Watch models with EKG features. If enforced, that would mean that Apple would no longer be able to import Apple Watch with EKG capabilities into the US for sale. According to Apple spokesperson Hannah Smith, the company will appeal the ITC's decision to the Federal Circuit.

A veto from Biden would have rendered the issue moot. According to The Hill, while presidents generally don't interfere with ITC rulings, in 2013, former President Obama vetoed a similar import ban after the ITC ruled that iPhones and iPads infringed on Samsung tech. It's possible that Apple was hoping for history to repeat itself, as it reportedly amped up lobbying last week ahead of Biden's decision.

Biden's decision doesn't mean every Apple Watch from the Series 4 to the Apple Watch Ultra (excluding both generations of the SE) is about to disappear off shelves. Apple's Smith told The Verge the ITC's ruling doesn't have any real impact at the moment. That's because the Patent Trial and Appeal Board recently ruled that AliveCor's EKG tech isn't actually patentable, and AliveCor would have to win its appeal (PDF) to that ruling for any potential ban to take effect. However, AliveCor isn't the only medical tech company that's seeking an import ban on the Apple Watch via the ITC. Masimo also sued Apple for allegedly infringing on five of its pulse oximetry patents. Last month, an ITC judge also ruled in Masimo's favor and will decide whether a potential import ban is warranted in May. If so, that import ban would impact any Apple Watch with an SpO2 sensor (i.e., the Series 6 or later, excluding the SE).