Google

Predatory Loan Apps Are Thriving in Google Play Store, Despite Ban (restofworld.org) 29

Tens of thousands of people have fallen victim to predatory loan apps, which extort users using sensitive information from their phones. Google has changed its policy to prevent the loan apps from being listed on the Play store, but enforcement is unreliable. Rest of World: According to Mexico City's Citizen Council for Safety and Justice, a consumer watchdog group, 135 reports to local authorities have been filed against JoyCredito for fraud and extortion. But despite the government attention, the app is still available to download from the Google Play store. For years, apps like JoyCredito have been exploiting borrowers from Mexico to India. They lend small amounts of money with few requirements and very high interest rates to financially vulnerable people -- and then extort them when the loan is due. After years of mounting pressure from watchdog groups, Google explicitly banned the apps from the Play store in October. But stories like those of Macias Gonzalez show how widespread the apps still are -- and how ineffective Google has been at enforcing its own policy.

Rest of World presented Google with 15 instances of exploitative loan apps based in Mexico that explicitly violate the terms of the Play store. All of them were still available in the store as of press time. Of the 15 apps, 12 explicitly asked for access to either the camera roll or contacts in the Google Play store's terms of services. Two others specified full access only in external documents. One other gave no data access information. Rest of World also found 10 apps in Peru that have been flagged as exploitative by SBS, a national body that oversees banking, insurance, and private pension. All the apps are still available for download on the Google Play store.

Crime

Walmart's Financial Services 'Became a Fraud Magnet', Says ProPublica (propublica.org) 83

One man living in Virginia oversaw "the laundering of some $7 million in fraudulently obtained gift cards" from Walmart in an international operation which over five years scammed hundreds of victims into sending the numbers over the phone, reports a new ProPublica investigation (citing court evidence that emerged after his arrest in 2021). Earlier that year, he complained to an associate that more and more people were competing to resell cards in China, eating into his profits. So many scammers were flocking to Walmart that he and his team regularly encountered them at self-checkout counters.... "We ran into quite a few at the store, and we even started chatting."
It was apparently so common that federal prosecutors started calling it "The Walmart scheme." And while the store is supposed to watch for customers who appear to be acting on a scammer's instructions, "Too often, Walmart has failed." America's largest retailer has long been a facilitator of fraud on a mass scale, a ProPublica investigation has found. For roughly a decade, Walmart has resisted tougher enforcement while breaking promises to regulators and skimping on employee training, according to more than 50 interviews, internal documents supplied by former industry executives, court filings and other public records...More than $1 billion in fraud losses were routed through the company's financial systems between 2013 and 2022, according to filings by the Federal Trade Commission and court cases analyzed by ProPublica. That has helped fuel a boom in financial chicanery. Americans, many of them elderly, were swindled out of $27 billion between 2013 and 2022, according to the FTC...

Walmart has a financial incentive to avoid cracking down. It makes money each time a Walmart gift card is used and earns a fee when another brand of card is bought. And it receives one commission when a person sends a money transfer and a second when the recipient picks it up. The company's financial services business generates hundreds of millions in annual profits. (Its filings do not provide specific figures for gift cards and money transfers.) "They were concerned about the bucks. That's all," Nick Alicea, a former fraud team leader for the U.S. Postal Inspection Service who investigated Walmart for years, told ProPublica. Walmart's deficiencies have repeatedly attracted government scrutiny. In 2017, the attorneys general of New York and Pennsylvania investigated Walmart over concerns that it was "reaping the benefits" of gift card fraud. The investigation concluded a year later with Walmart promising to restrict or eliminate the use of its gift cards to purchase other gift cards...

Instead, the company let the practice continue until 2022 — even after it knew that millions of dollars were being laundered through its stores. The FTC sued Walmart in 2022, alleging it "turned a blind eye" as criminals took advantage of its money transfer service. Walmart, the FTC claimed, pocketed millions in fees while "letting fraudsters fleece its customers." Summarizing the FTC's evidence, a federal judge in the case wrote that "Walmart knew that its services were used by fraudsters" and that the company was repeatedly warned about certain stores where "twenty-five, fifty, or even seventy-five percent of money transfer activity was fraudulent." Separately, a federal grand jury in Pennsylvania is hearing evidence of possible criminal conduct in Walmart's money transfer business, according to corporate filings that did not detail the allegations.

While the FTC says Americans were swindled out of $27 billion between 2013 and 2022, Walmart responded to ProPublica's investigation by pointing out it's refunded $4 million to gift-card fraud victims, and also blocked more than $700 million in suspicious money transfers. "We have a robust anti-fraud program and other controls to help stop scammers and other criminals who may use the financial services we offer to harm our customers." The company's legal filings in the FTC case struck a different tone. Walmart is seeking to dismiss the suit, partly on the grounds that it has "no responsibility to protect against the criminal conduct of third parties." Though fraud is "deeply unfortunate," Walmart argues, such schemes are "reasonably avoidable by consumers."
Other interesting quotes from the article:
  • "Walmart outlets at one point accounted for the top 20 locations for fraud nationally among chains that partnered with MoneyGram, according to internal documents."
  • "In a single week in March 2017, consumers claiming they'd been duped into a money transfer filed 610 complaints about Walmart, according to documents obtained by ProPublica. CVS ranked second, with 47."
  • "Site inspections routinely found that Walmart staff lacked anti-fraud training and that employees failed to ask screening questions..."
  • Walmart resisted MoneyGram's attempts to fight fraud [according to the former fraud team leader for the postal inspector's office in Harrisburg, Pennsylvania, who investigated MoneyGram and Walmart].

Power

What's the Solution to Gridlocked EV Chargers? (sacbee.com) 426

"Some of the most convenient fast-charging stations — mostly those located off major highways — have become gridlocked, especially on busy weekends," complains the opinion editor for California's Tribune newspaper in San Luis Obispo. Drivers are reporting waits of half an hour or more — sometimes much more. One driver who posted on Reddit waited three hours to charge in Kettleman City on Thanksgiving weekend, turning a five-and-a-half-hour trip into a 10-and-a-half-hour ordeal... Look, it's one thing to spend 30 or 40 minutes charging a battery, which is a given when you take an EV on a road trip. But having to wait in a long line just to get to an open charging bay? What's happening now is "potentially a nightmare for drivers as more EVs hit the road," described GreenBiz transportation writer Vartan Badalian [after a March visit to New York State]...

Badalian, the transportation writer, has an idea on how to deal with gridlock. "As you approach a full charging location, your EV (of any make) connects to the charging location and enters itself into a virtual queue, with entry to the queue dependent upon close geographical proximity. Drivers then park in an available normal parking spot, and only when prompted, proceed to plug in and charge. If a driver attempted to charge before their turn, the chargers would simply not communicate with the vehicle..."

If only that would work. Unfortunately, plug-in chargers have a tough enough time fulfilling their basic task of delivering electricity. Here's how bad it is: A survey of non-Tesla chargers conducted in the Bay Area in 2022 found that 27% of chargers were not working. This would be a good time to point out that Tesla superchargers have a much better performance record than other types of chargers, and that Tesla is opening "select" supercharger stations to other types of vehicles. Also, efforts are being made to increase the reliability of public chargers; the U.S. Department of Transportation just awarded $149 million in grants for the repair and replacement of broken chargers. The biggest share, $64 million, is going to California. In other words, hope is on the horizon. For now, though, we seem to be relying on a haphazard honor system.

How hard would it be to use some orange cones to designate a "waiting lane"? That way drivers pulling in could get an immediate read on how long they might have to wait... Also, limit drivers to an 80% charge, and require them to drive away within, say, five minutes after the charger has stopped. That might be hard to enforce, but peer pressure can be a powerful incentive. The point is, somebody has to step up and make charging stations more driver-friendly, and the obvious choice is whoever is in charge of the chargers.

Government

US Government Opens 22 Million Acres of Federal Lands To Solar 106

An anonymous reader quotes a report from Electrek: The Biden administration has updated the roadmap for solar development to 22 million acres of federal lands in the US West. The Bureau of Land Management (BLM) and the Department of Energy's National Renewable Energy Laboratory have determined that 700,000 acres of federal lands will be needed for solar farms over the next 20 years, so BLM recommended 22 million acres to give "maximum flexibility" to help the US reach its net zero by 2035 power sector goal. The plan is an update of the Bureau of Land Management's 2012 Western Solar Plan, which originally identified areas for solar development in six states -- Arizona, California, Colorado, Nevada, New Mexico, and Utah.

The updated roadmap refines the analysis in the original six states and expands to five more states -- Idaho, Montana, Oregon, Washington, and Wyoming. It also focuses on lands within 10 miles of existing or planned transmission lines and moves away from lands with sensitive resources. [...] BLM under the Biden administration has approved 47 clean energy projects and permitted 11,236 megawatts (MW) of wind, solar, and geothermal energy on public lands, enough to power more than 3.5 million homes.
Ben Norris, vice president of regulatory affairs at the Solar Energy Industries Association (SEIA), said in response to BLM's announced Western Solar Plan updates: "The proposal ... identifies 200,000 acres of land near transmission infrastructure, helping to correct an important oversight and streamline solar development. Under the current policy, there are at least 80 million acres of federal lands open to oil and gas development, which is 100 times the amount of public land available for solar. BLM's proposal is a big step in the right direction and recognizes the key role solar plays in our energy economy."

Security

Microsoft Executive Emails Hacked By Russian Intelligence Group, Company Says (cnbc.com) 25

In a regulatory filing today, Microsoft said that a Russian intelligence group hacked into some of the company's top executives' email accounts. CNBC reports: Nobelium, the same group that breached government supplier SolarWinds in 2020, carried out the attack, which Microsoft detected last week, according to the company. The announcement comes after new U.S. requirements for disclosing cybersecurity incidents went into effect. A Microsoft spokesperson said that while the company does not believe the attack had a material impact, it still wanted to honor the spirit of the rules.

In late November, the group accessed "a legacy non-production test tenant account," Microsoft's Security Response Center wrote in the blog post. After gaining access, the group "then used the account's permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents," the corporate unit wrote. The company's senior leadership team, including finance chief Amy Hood and president Brad Smith, regularly meets with CEO Satya Nadella. Microsoft said it has not found signs that Nobelium had accessed customer data, production systems or proprietary source code.

The U.S. government and Microsoft consider Nobelium to be part of the Russian foreign intelligence service SVR. The hacking group was responsible for one of the most prolific breaches in U.S. history when it added malicious code to updates to SolarWinds' Orion software, which some U.S. government agencies were using. Microsoft itself was ensnared in the hack. Nobelium, also known as APT29 or Cozy Bear, is a sophisticated hacking group that has attempted to breach the systems of U.S. allies and the Department of Defense. Microsoft also uses the name Midnight Blizzard to identify Nobelium. It was also implicated alongside another Russian hacking group in the 2016 breach of the Democratic National Committee's systems.

Hardware

80 Years Later, GCHQ Releases New Images of Nazi Code-Breaking Computer (arstechnica.com) 79

An anonymous reader quotes a report from Ars Technica: On Thursday, UK's Government Communications Headquarters (GCHQ) announced the release of previously unseen images and documents related to Colossus, one of the first digital computers. The release marks the 80th anniversary of the code-breaking machines that significantly aided the Allied forces during World War II. While some in the public knew of the computers earlier (PDF), the UK did not formally acknowledge the project's existence until the 2000s.

Colossus was not one computer but a series of computers developed by British scientists between 1943 and 1945. These 2-meter-tall electronic beasts played an instrumental role in breaking the Lorenz cipher, a code used for communications between high-ranking German officials in occupied Europe. The computers were said to have allowed allies to "read Hitler's mind," according to The Sydney Morning Herald. The technology behind Colossus was highly innovative for its time. Tommy Flowers, the engineer behind its construction, used over 2,500 vacuum tubes to create logic gates, a precursor to the semiconductor-based electronic circuits found in modern computers. While 1945's ENIAC was long considered the clear front-runner in digital computing, the revelation of Colossus' earlier existence repositioned it in computing history. (However, it's important to note that ENIAC was a general-purpose computer, and Colossus was not.)

GCHQ's public sharing of archival documents includes several photos of the computer at different periods and a letter discussing Tommy Flowers' groundbreaking work that references the interception of "rather alarming German instructions." Following the war, the UK government issued orders for the destruction of most Colossus machines, and Flowers was required to turn over all related documentation. The GCHQ claims that the Colossus tech "was so effective, its functionality was still in use by us until the early 1960s." In the GCHQ press release, Director Anne Keast-Butler paid tribute to Colossus' place in the UK's lineage of technological innovation: "The creativity, ingenuity and dedication shown by Tommy Flowers and his team to keep the country safe were as crucial to GCHQ then as today."

Google

Google To Invest $1 Billion In UK Data Center (reuters.com) 6

Google announced today that it will invest $1 billion building a data center near London. Reuters reports: The data centre, located on a 33-acre (13-hectare) site bought by Google in 2020, will be located in the town of Waltham Cross, about 15 miles north of central London, the Alphabet-owned company said in a statement. The British government, which is pushing for investment by businesses to help fund new infrastructure, particularly in growth industries like technology and artificial intelligence, described Google's investment as a "huge vote of confidence" in the UK.

"Google's $1 billion investment is testament to the fact that the UK is a centre of excellence in technology and has huge potential for growth," Prime Minister Rishi Sunak said in the Google statement. The investment follows Google's $1 billion purchase of a central London office building in 2022, close to Covent Garden, and another site in nearby King's Cross, where it is building a new office and where its AI company DeepMind is also based.
In November, Microsoft announced plans to pump $3.2 billion into Britain over the next three years.

Medicine

Hospitals Owned By Private Equity Are Harming Patients, Reports Find (arstechnica.com) 199

Private equity firms are increasingly buying hospitals across the US, and when they do, patients suffer, according to two separate reports. Specifically, the equity firms cut corners, slash services, lay off staff, lower quality of care, take on substantial debt, and reduce charity care, leading to lower ratings and more medical errors, the reports collectively find. ArsTechnica: Last week, the financial watchdog organization Private Equity Stakeholder Project (PESP) released a report delving into the state of two of the nation's largest hospital systems, Lifepoint and ScionHealth -- both owned by private equity firm Apollo Global Management. Through those two systems, Apollo runs 220 hospitals in 36 states, employing around 75,000 people. The report found that some of Apollo's hospitals were among the worst in their respective states, based on a ranking by The Lown Institute Hospital Index. The index ranks hospitals and health systems based on health equity, value, and outcomes, PESP notes. The hospitals also have dismal readmission rates and government rankings.

The Center for Medicare and Medicaid Services (CMS) ranks hospitals on a one- to five-star system, with the national average of 3.2 stars overall and about 30 percent of hospitals at two stars or below. Apollo's overall average is 2.8 stars, with nearly 40 percent of hospitals at two stars or below. The other report, a study published in JAMA late last month, found that the rate of serious medical errors and health complications increases among patients in the first few years after private equity firms take over. The study examined Medicare claims from 51 private equity-run hospitals and 259 matched control hospitals. Specifically, the study, led by researchers at Harvard University, found that patients admitted to private equity-owned hospitals had a 25 percent increase in developing hospital-acquired conditions compared with patients in the control hospitals. In private equity hospitals, patients experienced a 27 percent increase in falls, a 38 percent increase in central-line bloodstream infections (despite placing 16 percent fewer central lines than control hospitals), and surgical site infections doubled.

Google

Google Says Russian Espionage Crew Behind New Malware Campaign (techcrunch.com) 10

Google researchers say they have evidence that a notorious Russian-linked hacking group -- tracked as "Cold River" -- is evolving its tactics beyond phishing to target victims with data-stealing malware. From a report: Cold River, also known as "Callisto Group" and "Star Blizzard," is known for conducting long-running espionage campaigns against NATO countries, particularly the United States and the United Kingdom. Researchers believe the group's activities, which typically target high-profile individuals and organizations involved in international affairs and defense, suggest close ties to the Russian state. U.S. prosecutors in December indicted two Russian nationals linked to the group.

Google's Threat Analysis Group (TAG) said in new research this week that it has observed Cold River ramping up its activity in recent months and using new tactics capable of causing more disruption to its victims, predominantly targets in Ukraine and its NATO allies, academic institutions and non-government organizations. These latest findings come soon after Microsoft researchers reported that the Russia-aligned hacking group had improved its ability to evade detection. In research shared with TechCrunch ahead of its publication on Thursday, TAG researchers say that Cold River has continued to shift beyond its usual tactic of phishing for credentials to delivering malware via campaigns using PDF documents as lures.

Space

US Must Beat China Back To the Moon, Congress Tells NASA (space.com) 114

With NASA's Artemis moon program now targeting September 2025 for its Artemis 2 mission and September 2026 for Artemis 3, some members of Congress are concerned about the potential repercussions, particularly with China's growing ambitions in lunar exploration. "For the United States and its partners not to be on the moon when others are on the moon is unacceptable," said Mike Griffin, former NASA administrator. "We need a program that is consistent with that theme. Artemis is not that program. We need to restart it, not keep it on track." Space.com reports: The U.S. House of Representatives' Committee on Science, Space and Technology held a hearing about the new Artemis plan today (Jan. 17), and multiple members voiced concern about the slippage. "I remind my colleagues that we are not the only country interested in sending humans to the moon," Committee Chairman Frank Lucas (R-OK) said in his opening remarks. "The Chinese Communist Party is actively soliciting international partners for a lunar mission -- a lunar research station -- and has stated its ambition to have human astronauts on the surface by 2030," he added. "The country that lands first will have the ability to set a precedent for whether future lunar activities are conducted with openness and transparency, or in a more restricted manner."

The committee's ranking member, California Democrat Zoe Lofgren (D-CA), voiced similar sentiments. "Let me be clear: I support Artemis," she said in her opening remarks. "But I want it to be successful, especially with China at our heels. And we want to be helpful here in the committee in ensuring that Artemis is strong and staying on track as we look to lead the world, hand-in-hand with our partners, in the human exploration of the moon and beyond." Several other committee members stressed that the new moon race is part of a broader competition with China, and that coming in second could imperil U.S. national security.

"It's no secret that China has a goal to surpass the United States by 2045 as global leaders in space. We can't allow this to happen," Rich McCormick (R-GA) said during the hearing. "I think the leading edge that we have in space technology will protect the United States -- not just the economy, but technologies that can benefit humankind." And Bill Posey (R-FL) referred to space as the "ultimate military high ground," saying that whoever leads in the final frontier "will control the destiny of this Earth."

Social Networks

India Puts Tech Firms on Notice Over Deepfakes Inaction 15

An anonymous reader shares a report: India has warned tech companies that it is prepared to impose bans if they fail to take active measures against deepfake videos, a senior government minister said, on the heels of warning by a well-known personality over a deepfake advertisement using his likeness to endorse a gaming app.

Security

Cyber Attacks Are One of the Biggest Threats Facing Healthcare Systems (ft.com) 19

An increase in cyber attacks on the healthcare sector is jeopardising patient safety, and prompting some governments to publish new cyber security standards. From a report: Publicly disclosed global cyber security breaches between January and September last year showed that the healthcare sector suffered more attacks (241) than any other sector, ahead of government (147), and information technology including software, hardware and IT services (91), according to research by Omdia, a technology research provider. The most common type of cyber breach in healthcare was hacking, followed by supply chain attacks, "phishing" (where cyber criminals pose as legitimate organisations to trick people into disclosing passwords and payment details), and "ransomware," in which hackers use malicious software -- "malware" -- to encrypt data until the victim pays a ransom to unlock it.

"The healthcare sector is such a tempting target [for cyber security criminals] because ... you can put lives at risk," says James Lewis, a cyber security expert at the Center for Strategic and International Studies, a US think-tank. The UK's National Health Service has been hit by significant ransomware attacks. In 2017, the "WannaCry" attack is estimated to have cost the NHS $116.3mn and caused the cancellation of 19,000 patient appointments. Another hacking, in 2022, took down the non-emergency 111 service, and disrupted management systems for mental health services and emergency prescriptions.

The Military

OpenAI Is Working With US Military on Cybersecurity Tools (bloomberg.com) 11

OpenAI is working with the Pentagon on a number of projects including cybersecurity capabilities, a departure from the startup's earlier ban on providing its artificial intelligence to militaries. From a report: The ChatGPT maker is developing tools with the US Defense Department on open-source cybersecurity software, and has had initial talks with the US government about methods to assist with preventing veteran suicide, Anna Makanju, the company's vice president of global affairs, said in an interview at Bloomberg House at the World Economic Forum in Davos on Tuesday. The company had recently removed language in its terms of service banning its AI from "military and warfare" applications. Makanju described the decision as part of a broader update of its policies to adjust to new uses of ChatGPT and its other tools.

The Almighty Buck

'Technical Glitch' In Payroll Software Sparks Riots In Papua New Guinea (theregister.com) 40

Papua New Guinea declared a two-week state of emergency following riots and multiple deaths, triggered by a payroll system error that incorrectly applied higher tax rates to government employees' salaries. The Register reports: The Pacific nation recently extended COVID-era tax reductions into 2024, but the payroll system used for government employees was not configured correctly and in the first pay run of 2024 reverted to older and higher tax rates. Government workers were therefore taxed at a higher rate and their pay packets were around $100 less than expected -- about half the pay for many employees. That situation was misinterpreted as a surprise tax hike and some workers, including police, went on strike to protest the situation.

Some saw the absence of law enforcement as an opportunity, and riots quickly spread across the city, accompanied by looting. Prime Minister James Marape described the situation as a "technical glitch," before later declaring a state of emergency that has seen troops stationed in the capital to restore order. Commissioner general of the Internal Revenue Commission, Sam Koin, apologized "for the loss of lives and properties during these regrettable and avoidable incidents."

AI

Ask Slashdot: Could a Form of Watermarking Prevent AI Deep Faking? (msn.com) 67

An opinion piece in the Los Angeles Times imagines a world after "the largest coordinated deepfake attack in history... a steady flow of new deepfakes, mostly manufactured in Russia, North Korea, China and Iran." The breakthrough actually came in early 2026 from a working group of digital journalists from U.S. and international news organizations. Their goal was to find a way to keep deepfakes out of news reports... Journalism organizations formed the FAC Alliance — "Fact Authenticated Content" — based on a simple insight: There was already far too much AI fakery loose in the world to try to enforce a watermarking system for dis- and misinformation. And even the strictest labeling rules would simply be ignored by bad actors. But it would be possible to watermark pieces of content that deepfakes.

And so was born the voluntary FACStamp on May 1, 2026...

The newest phones, tablets, cameras, recorders and desktop computers all include software that automatically inserts the FACStamp code into every piece of visual or audio content as it's captured, before any AI modification can be applied. This proves that the image, sound or video was not generated by AI. You can also download the FAC app, which does the same for older equipment... [T]o retain the FACStamp, your computer must be connected to the non-profit FAC Verification Center. The center's computers detect if the editing is minor — such as cropping or even cosmetic face-tuning — and the stamp remains. Any larger manipulation, from swapping faces to faking backgrounds, and the FACStamp vanishes.

It turned out that plenty of people could use the FACStamp. Internet retailers embraced FACStamps for videos and images of their products. Individuals soon followed, using FACStamps to sell goods online — when potential buyers are judging a used pickup truck or secondhand sofa, it's reassuring to know that the image wasn't spun out or scrubbed up by AI.

The article envisions the world of 2028, with the authentication stamp appearing on everything from social media posts to dating app profiles: Even the AI industry supports the use of FACStamps. During training runs on the internet, if an AI program absorbs excessive amounts of AI-generated rather than authentic data, it may undergo "model collapse" and become wildly inaccurate. So the FACStamp helps AI companies train their models solely on reality. A bipartisan group of senators and House members plans to introduce the Right to Reality Act when the next Congress opens in January 2029. It will mandate the use of FACStamps in multiple sectors, including local government, shopping sites and investment and real estate offerings. Counterfeiting a FACStamp would become a criminal offense. Polling indicates widespread public support for the act, and the FAC Alliance has already begun a branding campaign.
But all this leaves Slashdot reader Bruce66423 with a question. "Is it really technically possible to achieve such a clear distinction, or would, in practice, AI be able to replicate the necessary authentication?"

EU

Python Software Foundation Says EU's 'Cyber Resilience Act' Includes Wins for Open Source (blogspot.com) 18

Last April the Python Software Foundation warned that Europe's proposed Cyber Resilience Act jeopardized their organization and "the health of the open-source software community" with overly broad policies that "will unintentionally harm the users they are intended to protect."

They'd worried that the Python Software Foundation could incur financial liabilities just for hosting Python and its PyPI package repository due to the proposed law's attempts to penalize cybersecurity lapses all the way upstream. But a new blog post this week cites some improvements: We asked for increased clarity, specifically:

"Language that specifically exempts public software repositories that are offered as a public good for the purpose of facilitating collaboration would make things much clearer. We'd also like to see our community, especially the hobbyists, individuals and other under-resourced entities who host packages on free public repositories like PyPI be exempt."


The good news is that CRA text changed a lot between the time the open source community — including the PSF — started expressing our concerns and the Act's final text which was cemented on December 1st. That text introduces the idea of an "open source steward."

"'open-source software steward' means any legal person, other than a manufacturer, which has the purpose or objective to systematically provide support on a sustained basis for the development of specific products with digital elements qualifying as free and open-source software that are intended for commercial activities, and ensures the viability of those products;" (p. 76)


[...] So are we totally done paying attention to European legislation? Ah, while it would be nice for the Python community to be able to cross a few things off our to-do list, that's not quite how it works. Firstly, the concept of an "open source steward" is a brand new idea in European law. So, we will be monitoring the conversation as this new concept is implemented or interacts with other bits of European law to make sure that the understanding continues to reflect the intent and the realities of open source development. Secondly, there are some other pieces of legislation in the works that may also impact the Python ecosystem so we will be watching the Product Liability Directive and keeping up with the discussion around standard-essential patents to make sure that the effects on Python and open source development are intentional (and hopefully benevolent, or at least benign.)

AI

What Laws Will We Need to Regulate AI? (mindmatters.ai) 86

johnnyb (Slashdot reader #4,816) is a senior software R&D engineer who shares his proposed framework for "what AI legislation should cover, what policy goals it should aim to achieve, and what we should be wary of along the way." Some excerpts?

Protect Content Consumers from AI
The government should legislate technical and visual markers for AI-generated content, and the FTC should ensure that consumers always know whether or not there is a human taking responsibility for the content. This could be done by creating special content markings which communicate to users that content is AI-generated... This will enable Google to do things such as allow users to not include AI content when searching. It will enable users to detect which parts of their content are AI-generated and apply the appropriate level of skepticism. And future AI language models can also use these tags to know not to consume AI-generated content...

Ensure Companies are Clear on Who's Taking Responsibility
It's fine for a software product to produce a result that the software company views as advisory only, but it has to be clearly marked as such. Additionally, if one company includes the software built by another company, all companies need to be clear as to which outputs are derived from identifiable algorithms and which outputs are the result of AI. If the company supplying the component is not willing to stand behind the AI results that are produced, then that needs to be made clear.

Clarify Copyright Rules on Content Used in Models

Note that nothing here limits the technological development of Artificial Intelligence... The goal of these proposals is to give clarity to all involved what the expectations and responsibilities of each party are.

OpenAI's Sam Altman has also been pondering this, but on a much larger scale. In a (pre-ouster) interview with Bill Gates, Altman pondered what happens at the next level.

That is, what happens "If we are right, and this technology goes as far as we think it's going to go, it will impact society, geopolitical balance of power, so many things..." [F]or these, still hypothetical, but future extraordinarily powerful systems — not like GPT-4, but something with 100,000 or a million times the compute power of that, we have been socialized in the idea of a global regulatory body that looks at those super-powerful systems, because they do have such global impact. One model we talk about is something like the IAEA. For nuclear energy, we decided the same thing. This needs a global agency of some sort, because of the potential for global impact. I think that could make sense...

I think if it comes across as asking for a slowdown, that will be really hard. If it instead says, "Do what you want, but any compute cluster above a certain extremely high-power threshold" — and given the cost here, we're talking maybe five in the world, something like that — any cluster like that has to submit to the equivalent of international weapons inspectors. The model there has to be made available for safety audit, pass some tests during training, and before deployment. That feels possible to me. I wasn't that sure before, but I did a big trip around the world this year, and talked to heads of state in many of the countries that would need to participate in this, and there was almost universal support for it.

Encryption

Post-Quantum Encryption Algorithm KyberSlash Patched After Side-Channel Attack Discovered (bleepingcomputer.com) 12

jd (Slashdot reader #1,658) shared this story from BleepingComputer. The article notes that "Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys."

jd explains that Crystals-Kyber "was chosen to be the U.S. government's post-quantum cryptography system of choice last year, but a side-channel attack has been identified. But in the article, NIST says that this is an implementation-specific attack (the reference implementation) and not a vulnerability in Kyber itself."

From the article: CRYSTALS-Kyber is the official implementation of the Kyber key encapsulation mechanism (KEM) for quantum-safe algorithm (QSA) and part of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. It is designed for general encryption... The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process, allowing attackers to analyze the execution time and derive secrets that could compromise the encryption. If a service implementing Kyber allows multiple operation requests towards the same key pair, an attacker can measure timing differences and gradually compute the secret key...
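The division the article refers to is the step in decapsulation where a polynomial coefficient is rounded to a single message bit. The following is an added illustration, not code from the page or from any Kyber implementation: a simplified C version of that step written once with an integer division by q and once as a division-free constant-time multiply-and-shift, with an exhaustive check that the two agree on every reduced coefficient. Function names are mine, the coefficient is assumed already reduced to [0, q), and the magic constants are assumptions that the check validates rather than values quoted from any source.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329  /* Kyber's modulus q */

/*
 * Variable-time form: rounding a coefficient to one message bit with
 * an integer division by q. Compilers usually strength-reduce a
 * division by a constant into a multiply, but that is not guaranteed
 * (optimisation level, target, surrounding code), and a real DIV
 * instruction has operand-dependent latency on many CPUs.
 * Precondition (assumed here): c is already reduced to [0, q).
 */
uint8_t msgbit_divide(uint16_t c) {
    uint32_t t = ((uint32_t)c << 1) + KYBER_Q / 2;
    return (uint8_t)((t / KYBER_Q) & 1);
}

/*
 * Constant-time form: the same rounding done with an add, a multiply
 * by a fixed constant and a shift, so no data-dependent instruction
 * is involved. The constants (1665, 80635, shift 28) are chosen so
 * that floor((2c + 1665) * 80635 / 2^28) equals
 * floor((2c + 1664) / 3329) for every c in [0, q); the check below
 * verifies that exhaustively instead of trusting the arithmetic.
 */
uint8_t msgbit_ct(uint16_t c) {
    uint32_t t = ((uint32_t)c << 1) + 1665;
    t *= 80635;          /* fits in 32 bits: max 8321 * 80635 < 2^30 */
    t >>= 28;
    return (uint8_t)(t & 1);
}

/* Exhaustive equivalence check over every reduced coefficient value. */
bool msgbit_variants_agree(void) {
    for (uint16_t c = 0; c < KYBER_Q; c++) {
        if (msgbit_divide(c) != msgbit_ct(c)) {
            return false;
        }
    }
    return true;
}

int main(void) {
    bool ok = msgbit_variants_agree();
    printf("division-free variant matches for all %d coefficients: %s\n",
           KYBER_Q, ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The same pattern (replace a data-dependent division with a verified multiply-and-shift, then test equivalence over the whole input domain) is how this class of timing leak is closed in practice.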

In a KyberSlash1 demo on a Raspberry Pi system, the researchers recovered Kyber's secret key from decryption timings in two out of three attempts...

On December 30, KyberSlash2 was patched following its discovery and responsible reporting by Prasanna Ravi, a researcher at the Nanyang Technological University in Singapore, and Matthias Kannwischer, who works at the Quantum Safe Migration Center.

Earth

America Cracks Down on Methane Emissions from Oil and Gas Facilities (msn.com) 36

Friday America's Environmental Protection Agency "proposed steep new fees on methane emissions from oil and gas facilities," reports the Washington Post, "escalating a crackdown on the fossil fuel industry's planet-warming pollution."

Methane does not linger in the atmosphere as long as carbon dioxide, but it is far more effective at trapping heat — roughly 80 times more potent in its first decade. It is responsible for roughly a third of global warming today, and the oil and gas industry accounts for about 14 percent of the world's annual methane emissions, according to estimates from the International Energy Agency. Other large methane sources include livestock, landfills and coal mines.
So America's new Methane Emissions Reduction Program "levies a fee on wasteful methane emissions from large oil and gas facilities," according to the article: The fee starts at $900 per metric ton of emissions in 2024, increasing to $1,200 in 2025 and $1,500 in 2026 and thereafter. The EPA proposal lays out how the fee will be implemented, including how the charge will be calculated...

At the U.N. Climate Change Conference in Dubai in December, EPA Administrator Michael Regan announced final standards to limit methane emissions from U.S. oil and gas operations. Fossil fuel companies that comply with these standards will be exempt from the new fee... Fred Krupp, president of the Environmental Defense Fund, said the fee will encourage fossil fuel firms to deploy innovative technologies that detect methane leaks. Such cutting-edge technologies range from ground-based sensors to satellites in space. "Proven solutions to cut oil and gas methane and to avoid the fee are being used by leading companies in states across the country," Krupp said in a statement...

In addition to methane, the EPA proposal could slash emissions of hazardous air pollutants, including smog-forming volatile organic compounds and cancer-causing benzene [according to an EPA official].

The federal government also gave America's fossil fuel companies nearly $1 billion to help them comply with the methane regulation, according to the article.

The article also includes this statement from an executive at the American Petroleum Institute, the top lobbying arm of the U.S. oil and gas industry, complaining that the fines create a "regime" that would "stifle innovation," and urging Congress to repeal it.
Censorship

Removal of Netflix Film Shows Advancing Power of India's Hindu Right Wing (nytimes.com) 110

An anonymous reader quotes a report from the New York Times: The trailer for "Annapoorani: The Goddess of Food" promised a sunny if melodramatic story of uplift in a south Indian temple town. A priest's daughter enters a cooking tournament, but social obstacles complicate her inevitable rise to the top. Annapoorani's father, a Brahmin sitting at the top of Hindu society's caste ladder, doesn't want her to cook meat, a taboo in their lineage. There is even the hint of a Hindu-Muslim romantic subplot. On Thursday, two weeks after the movie premiered, Netflix abruptly pulled it from its platform. An activist, Ramesh Solanki, a self-described "very proud Hindu Indian nationalist," had filed a police complaint arguing that the film was "intentionally released to hurt Hindu sentiments." He said it mocked Hinduism by "depicting our gods consuming nonvegetarian food."

The production studio quickly responded with an abject letter to a right-wing group linked to the government of Prime Minister Narendra Modi, apologizing for having "hurt the religious sentiments of the Hindus and Brahmins community." The movie was soon removed from Netflix both in India and around the world, demonstrating the newfound power of Hindu nationalists to affect how Indian society is depicted on the screen. Nilesh Krishnaa, the movie's writer and director, tried to anticipate the possibility of offending some of his fellow Indians. Food, Brahminical customs and especially Hindu-Muslim relations are all part of a third rail that has grown more powerfully electrified during Mr. Modi's decade in power. But, Mr. Krishnaa told an Indian newspaper in November, "if there was something disturbing communal harmony in the film, the censor board would not have allowed it."

With "Annapoorani," Netflix appears to have in effect done the censoring itself even when the censor board did not. In other cases, Netflix now seems to be working with the board unofficially, though streaming services in India do not fall under the regulations that govern traditional Indian cinema. For years, Netflix ran unredacted versions of Indian films that had sensitive parts removed for their theatrical releases -- including political messages that contradicted the government's line. Since last year, though, the streaming versions of movies from India match the versions that were censored locally, no matter where in the world they are viewed. [...] Nikhil Pahwa, a co-founder of the Internet Freedom Foundation, thinks the streaming companies are ready to capitulate: "They're unlikely to push back against any kind of bullying or censorship, even though there is no law in India" to force them.
