Biden administration officials are divided over how aggressively new artificial intelligence tools should be regulated -- and their differences are playing out this week in Sweden. From a report: Some White House and Commerce Department officials support the strong measures proposed by the European Union for AI products such as ChatGPT and Dall-E, people involved in the discussions said. Meanwhile, US national security officials and some in the State Department say aggressively regulating this nascent technology will put the nation at a competitive disadvantage, according to the people, who asked not to be identified because the information isn't public. This dissonance has left the US without a coherent response during this week's US-EU Trade and Technology Council gathering in Sweden to the EU's plan to subject generative AI to additional rules. The proposal would force developers of artificial intelligence tools to comply with a host of strong regulations, such as requiring them to document any copyrighted material used to train their products and more closely track how that information is used. National Security Council spokesman Adam Hodge said the Biden administration is working across the government to "advance a cohesive and comprehensive approach to AI-related risks and opportunities."

The European Commission has published its biannual list of foreign countries with problematic copyright policies. One of the highlighted issues is a lack of pirate site blocking, which is seen as an effective enforcement measure, writes TorrentFreak, a news website that tracks piracy news. Interestingly, the EU doesn't mention the United States, which is arguably the most significant country yet to implement an effective site-blocking regime.

The European Union and the United States are set to step up cooperation on artificial intelligence with a view to establishing minimum standards before legislation enters force, the EU's tech chief Margrethe Vestager said on Tuesday. From a report: The European Union's AI Act could be the world's first comprehensive legislation governing the technology, with new rules on facial recognition and biometric surveillance, but EU governments and lawmakers still need to agree a common text. Vestager, a vice-president of the European Commission, told a briefing on Tuesday that process might be completed by the end of the year.

"That would still leave one if not two years then to come into effect, which means that we need something to bridge that period of time," she said. Vestager said AI would be one area of focus at the fourth ministerial-level meeting of the Trade and Technology Council (TTC) in Sweden on May 30-31, with discussions on generative AI algorithms that produce new text, visual or sound content, such as ChatGPT. "There is a shared sense of urgency. In order to make the most of this technology, guard rails are needed," she said. "Can we discuss what we can expect companies to do as a minimum before legislation kicks in?"

An anonymous reader quotes a report from Agence France-Presse: The French government unveiled a plan on Monday to accelerate cuts to its greenhouse gas emissions, targeting a reduction of 50 percent by 2030 compared with 1990 levels. Unveiled by Prime Minister Elisabeth Borne, the roadmap includes detailed figures for reductions for individual sectors of the economy, ranging from the transport industry to households. The objectives -- from speeding up the transition to electric cars or switching freight from road to rivers -- are aimed at bringing France's ambitions for slashing carbon pollution into line with the EU's target for 2030.

France has so far cut its emissions by 25 percent compared with 1990 levels, requiring major fresh efforts if it is to hit the new 50-percent target. "We're asking for a bit from the smallest (polluters) and a lot from the biggest," an aide to Borne told reporters, meaning around half of efforts would be for companies, a quarter for households and a quarter for local administrations. "Among other developed countries, the United Kingdom has the most ambitious short-term goals of any major economy, with an objective of 2030 emissions being 68 percent below 1990 levels," notes AFP. "The United States has committed to cut greenhouse gases 50-52 percent by 2030 below 2005 levels, while Germany has set a 65 percent reduction target compared to 1990."

An anonymous reader quotes a report from Wired: Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content. The document, a European Council survey of member countries' views on encryption regulation, offered officials' behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users' private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption.

For years, EU states have debated whether end-to-end encrypted communication platforms, such as WhatsApp and Signal, should be protected as a way for Europeans to exercise a fundamental right to privacy -- or weakened to keep criminals from being able to communicate outside the reach of law enforcement. Experts who reviewed the document at WIRED's request say it provides important insight into which EU countries plan to support a proposal that threatens to reshape encryption and the future of online privacy. Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain's position emerging as the most extreme. "Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," Spanish representatives said in the document. The source of the document declined to comment and requested anonymity because they were not authorized to share it.

In its response, Spain said it is "imperative that we have access to the data" and suggests that it should be possible for encrypted communications to be decrypted. Spain's interior minister, Fernando Grande-Marlaska, has been outspoken about what he considers the threat posted by encryption. When reached for comment about the leaked document, Daniel Campos de Diego, a spokesperson for Spain's Ministry of Interior, says the country's position on this matter is widely known and has been publicly disseminated on several occasions. Edging close to Spain, Poland advocated in the leaked document for mechanisms through which encryption could be lifted by court order and for parents to have the power to decrypt children's communications. Several other countries say they would give law enforcement access to people's encrypted messages and communications. "Cyprus, Hungary, and Spain very clearly see this law as their opportunity to get inside encryption to undermine encrypted communications, and that to me is huge," says Ella Jakubowska, a senior policy advisor at European Digital Rights (EDRI) who reviewed the document. "They are seeing this law is going far beyond what DG home is claiming that it's there for."

Facebook owner Meta was hit by a record $1.3 billion European Union privacy fine and given a deadline to stop shipping users' data to the US after regulators said it failed to protect personal information from the prying eyes of American security services. Bloomberg News: The social network giant's continued data transfers to the US didn't address "the risks to the fundamental rights and freedoms" of people whose data was being transfered across the Atlantic, according to a decision by the Irish Data Protection Commission announced on Monday. On top of the fine, which eclipses a $806 million EU privacy penalty previously doled out to Amazon, Meta was given five months to "suspend any future transfer of personal data to the US" and six months to stop "the unlawful processing, including storage, in the US" of transferred personal EU data. A data-transfers ban for Meta was widely expected and once prompted the US firm to threaten a total withdrawal from the EU. But its impact has now been muted by the transition phase given in the decision and the prospect of a new EU-US data flows agreement that could already be operational by the middle of this year.

An anonymous reader quotes a report from TorrentFreak: When the French government formed a new anti-piracy agency called Hadopi, the mission was to significantly disrupt BitTorrent and similar peer-to-peer file-sharing networks. Hadopi was a pioneer of the so-called "graduated response" scheme which consists of monitoring a file-sharer's internet activities and following up with a warning notice to deter their behavior. Any future incidents attract escalating responses including fines and internet disconnections. Between 2010 and 2020, Hadopi issued 12.7 million warning notices at a cost to French taxpayers of 82 million euros. The program's effect on overall piracy rates remains up for debate but according to French internet rights groups, Hadopi doesn't just take citizens' money. When it monitors citizens' internet activities, retains huge amounts of data, and then links identities to IP addresses to prevent behavior that isn't a "serious crime," Hadopi violates fundamental rights.

Despite its authorization under the new law, the official launch of the Hadopi agency in 2009 met with significant opposition. File-sharers had issues with the program for obvious reasons but for digital rights group La Quadrature du Net, massive internet surveillance to protect copying rights had arrived at the expense of citizens' fundamental right to privacy. La Quadrature's opposition to the Hadopi anti-piracy program focuses on the law crafted to support it. One of the implementing decrees authorizes the creation of files containing internet users' IP addresses plus personal identification data obtained from their internet service providers. According to the digital rights group's interpretation of EU law, that is unlawful.

With support from the Federation of Associative Internet Service Providers, French Data Network, and Franciliens.net, in 2019 La Quadrature filed an appeal before the Council of State (Conseil d'Etat), requesting a repeal of the decree that authorizes the processing of personal information. The Council of State referred the matter to the Constitutional Council and its subsequent decision gave La Quadrature the impression that Hadopi's position was untenable. For their part, Hadopi and the government reached the opposite conclusion. The Council of State heard La Quadrature's appeal and then referred questions to the Court of Justice of the European Union (CJEU) for interpretation under EU law. In CJEU Advocate General Szpunar's non-binding opinion issued last October, friction between privacy rights and the ability to enforce copyrights were on full display. [...] Faced with an opinion that recognizes difficulties faced by rightsholders but runs up against case-law, AG Szpunar proposed "readjustment of the case-law of the Court." This would ensure that rightsholders retain the ability to enforce their rights, when an IP address is the only means by which an infringer can be identified (CJEU, pdf). The first court hearing occurred on Tuesday, and a further legal opinion is expected in late September 2023. The ruling from the CJEU is expected before the end of the year.

The UK government has announced an investment of up to $1.25 billion in the domestic semiconductor industry, but has been criticised for declining to join the spending race that has seen the US and EU announce significantly bigger programmes. From a report: Labour accused the government of lacking ambition in its announcement, while one UK startup said the 1bn pound figure was less than the cost of one basic semiconductor plant. The U's long-awaited national semiconductor strategy would focus on the country's existing strengths in the technology. Semiconductors, or microchips, are the "brains" of electronic devices, formed by wafers of silicon that are key to most forms of modern technology, from cars, smartphones and kitchen devices to power stations. Under the strategy, the planned decade-long investment would be targeted at areas such as design, research and development. "Semiconductors underpin the devices we use every day and will be crucial to advancing the technologies of tomorrow," said the prime minister, Rishi Sunak. "Our new strategy focuses our efforts on where our strengths lie, in areas like research and design, so we can build our competitive edge on the global stage."

Big tech companies accounting for more than 5% of a telecoms provider's peak average internet traffic should help fund the rollout of 5G and broadband across Europe, according to a draft proposal by the telecoms industry. From a report: The proposal is part of feedback to the European Commission which launched a consultation into the issue in February. The deadline for responses is Friday. Alphabet's Google, Apple, Facebook-owner Meta, Amazon, Netflix and TikTok would most likely be hit with fees, according to industry estimates. Google, Apple, Meta, Netflix, Amazon and Microsoft together account for more than half of data internet traffic.

The document, which was reviewed by Reuters and has not been published, was compiled by telecoms lobbying groups GSMA and ETNO. They represent 160 operators in Europe, including Deutsche Telekom, Orange, Telefonica and Telecom Italia. Telecom operators have lobbied for years for leading technology companies to help foot the bill for 5G and broadband roll-out, saying that they create a huge part of the region's internet traffic. This is the first time they have tried to define a threshold for who should pay.

European Union states on Tuesday gave the final nod to the world's first comprehensive set of rules to regulate cryptoassets on Tuesday, piling pressure on countries such as Britain and the United States to play catch up. From a report: An EU finance minister meeting in Brussels approved rules that were thrashed out with the European Parliament, which gave its approval in April. The rules are expected to be rolled out from 2024. Regulating crypto has become more urgent for regulators after the collapse of crypto exchange FTX. "Recent events have confirmed the urgent need for imposing rules which will better protect Europeans who have invested in these assets, and prevent the misuse of crypto industry for the purposes of money laundering and financing of terrorism," said Elisabeth Svantesson, finance minister for Sweden, which holds the EU presidency.

The rules require firms that want to issue, trade and safeguard cryptoassets, tokenised assets and stablecoins in the 27 country bloc to obtain a licence. Ministers took steps to combat tax evasion and the use of cryptoasset transfers for money laundering by making transactions easier to trace. They agreed on a requirement that from January 2026 service providers obtain the name of senders and beneficiaries in cryptoassets, regardless of the amount being transferred.

Microsoft's Azure cloud business has been targeted by the European Union's antitrust arm, amid concerns the US software firm is leveraging its market power to squeeze out rivals. From a report: As part of an informal probe, regulators are quizzing competitors and customers about how Microsoft may be abusing its access to business-sensitive information belonging to cloud firms it has commercial dealings with, according to documents seen by Bloomberg. EU antitrust enforcers want to know whether Microsoft then leverages such confidential information to compete with cloud-service providers on the market, said two people familiar with the matter, who spoke on condition of anonymity.

The EU's escalation follows on the heels of a series of complaints from cloud firms over Microsoft's behavior -- including CISPE, an industry group with links to Amazon.com's Amazon Web Services. The scrutiny of cloud competition coincides with Microsoft's efforts to convince regulators around the world to approve its $69 billion acquisition of Activision Blizzard, publisher of blockbuster game Call of Duty. The European Commission, the EU watchdog, on Monday conditionally approved the tie-up, just weeks after the UK's competition authority vetoed it.

European regulators have approved Microsoft's $69 billion acquisition of Activision Blizzard, handing the technology giant a victory at a time when the deal is being challenged in other countries. From a report: While the merger could harm competition in some respects, particularly in the fast-growing market for cloud gaming services, concessions by Microsoft were enough to mitigate antitrust concerns stemming from the deal, the European Commission said in a statement. Among Microsoft's offers were a 10-year commitment letting European consumers play Activision titles on any cloud gaming service. Microsoft also committed that it would not downgrade the quality or content of its games made available on rival streaming platforms.

The European Union plans to force crypto companies to give tax authorities details of their clients' holdings, according to a draft bill released to CoinDesk under freedom of information laws. From a report: The data-sharing law, based on a model from the Organization for Economic Cooperation and Development (OECD), is set to be agreed by finance ministers next week, and will allow tax authorities to share data within the 27-nation bloc. Commission officials have said the bill received unanimous acclaim at a meeting on Wednesday, though people familiar with the matter told CoinDesk that some finance ministers have not yet received formal approval from parliaments.

The bill, dated May 5, closely matches proposals made by the European Commission in December 2022, as part of a bid to stop EU residents stashing crypto abroad to hide it from the taxman. The commission would have to set up a register of crypto asset operators' by December 2025, bringing forward a previous deadline by one year, and the rules will apply as of Jan. 1, 2026. Controversially, the law -- known as the eighth directive on administrative cooperation (DAC8) -- still includes platforms for trading non-fungible tokens that can be used for payment or investment, and providers from outside the bloc that have EU clients.

The EU is planning an undersea internet cable to improve connectivity to Georgia and reduce dependence on lines running through Russia, amid growing concerns about vulnerabilities to infrastructure transmitting global data. From a report: The $49mn cable will link EU member states to the Caucasus via international waters in the Black Sea, stretching a span of 1,100km. The project aims to reduce the region's "dependency on terrestrial fibre-optic connectivity transiting via Russia," the European Commission said in a policy document. The EU and Georgia jointly identified the need for the Black Sea internet cable in 2021 to improve Georgia's digital connectivity. However, the war in Ukraine has added impetus to the project, given the need to avoid relying on "connections that are not secure or stable," said a person with knowledge of the proposal.

Internet cables have come under scrutiny because of global concerns around espionage, as land-based lines and the stations where submarine cables come ashore are seen as vulnerable to interception by governments, hackers and thieves. Concerns around intentional sabotage of undersea cables and other maritime infrastructure have also grown since multiple explosions on the Nord Stream gas pipelines last September, which media reports recently linked to Russian vessels. Two cables off the coast of Norway were cut in 2021 and 2022, sparking concerns about malicious attacks.

At I/O 2023 earlier this week, Google announced that it's expanding its AI chatbot Google Bard to 180 countries. However, what Google didn't mention is that Bard still isn't available in the European Union. From a report: On a support page, Google details the full list of 180 countries in which Bard is now available. This includes countries all over the globe, but very noticeably not any countries that are a part of the European Union. It's a big absence from what is otherwise a global expansion for Google's AI. The reason why isn't officially stated by Google, but it seems reasonable to believe that it's related to GDPR. Just last month, Italy briefly banned ChatGPT over similar concerns that the AI couldn't comply with the regulations. Google also slyly hints this might be the case saying that further Bard expansions will be made "consistent with local regulations."

Veteran open source report Steven J. Vaughan-Nichols, writing at The Register: We can all agree that securing our software is a good thing. Thanks to one security fiasco after another -- the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong -- we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security. At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely. Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

But the EU commissioners don't have a clue about how open source software works. Or, frankly, what it is. They think that open source is the same as proprietary software with a single company behind it that's responsible for the work and then monetizes it. Nope. Open source, as I've said over and over again, is not a business model. Sure, you can build businesses around it. Who doesn't these days? But just as the AWSes, Googles, and Facebooks of the world depend on open source software, they also use programs written by Tom, Denise, and Harry from around the world. The CRA's underlying assumption is that you can just add security to software, like adding a new color option to your car's paint job. We wish!

Securing software is a long, painful process. Many open source developers have neither the revenue nor resources to secure their programs to a government standard. The notional open source developer in Nebraska, thanklessly maintaining a vital small program, may not even know where Brussels is (it's in Belgium). They can't afford to secure their software to meet EU specifications. They often have no revenue. They certainly have no control over who uses their software. It's open source, for pity's sake! As open source developer Thomas Depierre recently blogged: "We are not suppliers. All the people writing and maintaining these projects, we are not suppliers. We do not have a business relationship with all these organizations. We are volunteers, writing code and putting it online under these Licenses." Exactly.

An anonymous reader shares an excerpt from a collaborative investigation between Motherboard, lavialibera, and IrpiMedia: Mafioso Bartolo Bruzzaniti needed everyone to do their job just right. First, the Colombian suppliers would hide a massive amount of cocaine inside bananas at the port city of Turbo, Colombia. That shipping container would then be transported across the ocean to Catania, in Sicily, Italy. A corrupt port worker on the mafia's payroll would wave the shipment through and had advised the group how to package the drugs. This was so the cocaine could remain undetected even if the worker was forced to scan the shipment. Another group of on-the-ground mafiosos would then unload the cocaine outside of the port.

In March 2021, Bruzzaniti, an alleged member of the infamous 'Ndrangheta mafia group and who says Milan belongs to him "by right," asked his brother Antonio to go fetch something else crucial to the traffickers' success. "Go right now," Bruzzaniti wrote in a text message later produced in court records. "It's needed urgently." Investigators know what Bruzzaniti said because European authorities had penetrated an encrypted phone network called Sky and harvested around a billion of the users' messages. These phones are the technological backbone of organized crime around the world.

The thing Antonio needed to urgently fetch was a phone from a different encrypted phone network, one that the authorities appear to have not compromised and which the mafia have been using as part of their operations. To that phone, a contact sent one half of the shipping container's serial number. A reporting collaboration between Motherboard, lavialibera, and IrpiMedia has identified that encrypted phone as being run by a company called No. 1 Business Communication (No. 1 BC). The investigation has found members of the mafia and other organized crime groups turning to No. 1 BC as authorities cracked down on other platforms. The collaboration has identified multiple key players in No. 1 BC's development, sales, and legal structure. "Take the bc1 right away," Bruzzaniti wrote in another text, referring to the No. 1 BC phone.

EU lawmakers on Thursday urged the European Commission to continue talks to reinforce a proposed data transfer pact with the United States, saying there were still shortcomings in the agreement. From a report: The move could further delay an accord which is critical for thousands of companies. The EU executive in a draft decision in December said that U.S. safeguards against American intelligence activities were strong enough to address EU data privacy concerns. Such worries had prompted Europe's top court to strike down two previous data transfer pacts, affecting thousands of companies that move Europeans' personal data across the Atlantic for commercial use such as financial services, human resources and e-commerce. "This new proposal contains significant improvements, but unfortunately, we are not there yet," lawmaker Juan Fernando Lopez Aguilar said after the assembly voted in a non-binding resolution against the proposed pact.

European lawmakers came a step closer to passing new rules regulating artificial intelligence tools such as ChatGPT, following a crunch vote on Thursday where they agreed tougher draft legislation. From a report: The European Union's highly anticipated AI Act looks set to be the world's first comprehensive legislation governing the technology, with new rules around the use of facial recognition, biometric surveillance, and other AI applications. After two years of negotiations, the bill is now expected to move to the next stage of the process, in which lawmakers finalise its details with the European Commission and individual member states.

Speaking ahead of the vote by two lawmakers' committees, Dragos Tudorache, one of the parliamentarians (MEPs) charged with drafting the laws, said: "It is a delicate deal. But it is a package that I think gives something to everyone that participated in these negotiations. Our societies expect us to do something determined about artificial intelligence, and the impact it has on their lives. It's enough to turn on the TV ... in the last two or three months, and every day you see how important this is becoming for citizens." Under the proposals, AI tools will be classified according to their perceived level of risk, from low to unacceptable. Governments and companies using these tools will have different obligations, depending on the risk level.

Clearview AI, the US startup that's attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the Internet and used people's data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator. From a report: The overdue penalty payment of $5.7M has been issued by the French regulator, the CNIL -- on top of a $22M sanction it slapped the company with last year for breaching regional privacy rules. The European Union's General Data Protection Regulation (GDPR) sets out conditions for processing personal data lawfully. Clearview has been found to have breached a number of requirements set out in law -- by France's CNIL and several other regional data protection authorities, including authorities in the UK, Italy and Greece, garnering several tens of millions in total fines to date. Whether Clearview will ever pay any of these fines remains an open question, since the US-based company has not been cooperating with EU regulators.