EU

China and EU To Hold Talks On Electric Car Tariffs (bbc.com) 47

Top officials from the European Union and China agreed to negotiate a planned series of import taxes on Chinese electric vehicles. "The call marks the first time the two sides have agreed to negotiate since the EU threatened China with electric vehicle (EV) tariffs of up to 38%," reports the BBC. From the report: The EU said Chinese EVs were unfairly subsidised by its government. In response, China accused the EU of protectionism and trade rule breaches. An EU spokesperson told the BBC the call between Trade Commissioner Valdis Dombrovskis and his Chinese counterpart Wang Wentao was "candid and constructive." They said the two sides would "continue to engage at all levels in the coming weeks." However, the spokesperson also doubled down on the EU's opposition to how the Chinese EV industry is funded. They said "any negotiated outcome" to the proposed tariffs must address the "injurious subsidisation" of Chinese EVs.

China released a similar statement on Saturday and made clear it still disagreed with the EU. As well as its call with the EU, Mr Wang met German Vice-Chancellor and Federal Minister for Economic Affairs and Climate Action Robert Habeck on Saturday. In a Facebook post about the meeting, China's Ministry of Commerce said it had told Mr Habeck about its "firm opposition" to the tariffs. It repeated its threat to file a lawsuit with the World Trade Organization (WTO) "to firmly defend its legitimate rights and interests."

Germany has also expressed criticism of the tariffs. When the EU first proposed them last week following its investigation of Chinese EVs in the trading bloc, Germany's Transport Minister, Volker Wissing, said the move risked a "trade war" with Beijing. "The European Commission's punitive tariffs hit German companies and their top products," he wrote on X, formerly known as Twitter, at the time. The European car industry has been critical too. Stellantis - which owns Citroen, Peugeot, Vauxhall, Fiat, and several other brands - said it did not support measures that "contribute to the world fragmentation [of trade]."

Government

Amazon Retaliated After Employee Walkout Over Return-to-Office Policy, Says NLRB (theverge.com) 78

America's National Labor Relations Board "has filed a complaint against Amazon..." reports the Verge, "that alleges the company 'unlawfully disciplined and terminated an employee' after they assisted in organizing walkouts last May in protest of Amazon's new return-to-work [three days per week] directives, issued early last year." [T]housands of Amazon employees signed petitions against the new mandate and staged a walkout several months later. Despite the protests and pushback, according to a report by Insider, in a meeting in early August 2023, Jassy reaffirmed the company's commitment to employees returning to the office for the majority of the week.

The NLRB complaint alleges Amazon "interrogated" employees about the walkout using its internal Chime system. The employee was first put on a performance improvement plan by Amazon following their organizing efforts for the walkout and later "offered a severance payment of nine weeks' salary if the employee signed a severance agreement and global release in exchange for their resignation." According to the NLRB's lawyers, all of that was because the employee engaged in organizing, and the retaliation was intended to discourage "...protected, concerted activities...."

The NLRB's general counsel is seeking several different forms of remediation from Amazon, including reimbursement for the employee's "financial harms and search-for-work and work related expenses," a letter of apology, and a "Notice to Employees" that must be physically posted at the company's facilities across the country, distributed electronically, and read by an Amazon rep at a recorded videoconference.

Amazon says their actions were entirely unrelated to the workers' activism against their return-to-work policies. An Amazon spokesperson told the Verge that instead, the employee "consistently underperformed over a period of nearly a year and repeatedly failed to deliver on projects she was assigned. Despite extensive support and coaching, the former employee was unable to improve her performance and chose to leave the company."
Electronic Frontier Foundation

EFF: New License Plate Reader Vulnerabilities Prove The Tech Itself is a Public Safety Threat (eff.org) 97

Automated license plate readers "pose risks to public safety," argues the EFF, "that may outweigh the crimes they are attempting to address in the first place." When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and "fingerprinting" their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions' Vigilant ALPRs, including missing encryption and insufficiently protected credentials...

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems... Because drivers don't have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It's a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies "are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel," even though "the potential for harm from external factors is substantial." That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks "targeting U.S. public safety organizations increased by 142 percent" in 2023.

Yet, the temptation to "collect it all" continues to overshadow the responsibility to "protect it all." What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs... If there's one positive thing we can say about the latest Vigilant vulnerability disclosures, it's that for once a government agency identified and reported the vulnerabilities before they could do damage... The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities...

But a data breach isn't the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.

The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

"They must never store more data than they adequately protect within their limited resources -- or they must keep the public safe from data breaches by not collecting the data at all."
Security

Linux Foundation's 'Open Source Security Foundation' Launches New Threat Intelligence Mailing List (openssf.org) 4

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...

OpenSSF ecosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...
United Kingdom

Microsoft Admits No Guarantee of Sovereignty For UK Policing Data (computerweekly.com) 88

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked".

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

Earth

Youth Plaintiffs In Hawaii Reach Historic Climate Deal 102

Justine Calma writes via The Verge: A group of young plaintiffs reached a historic climate settlement with the state of Hawaii and Hawaii Department of Transportation in a deal that will push the state to clean up tailpipe pollution. The 13 youth plaintiffs filed suit in 2022 when they were all between the ages of 9 and 18. In the suit, Navahine F. v. Hawaii Department of Transportation (HDOT), they alleged that the state and HDOT had violated their right to "a clean and healthful environment," which is enshrined in Hawaii's constitution.

The settlement (PDF), reached on Thursday, affirms that right and commits the DOT to creating a plan to reach zero greenhouse gas emissions from transportation by 2045. To hit that goal, the state will have to dedicate at least $40 million to building out its EV charging network by the end of the decade and complete new pedestrian, bicycle, and transit networks over the next five years. The settlement also creates a new unit within HDOT tasked with coordinating CO2 emission reductions and a volunteer youth council to advise HDOT.

This is the first settlement agreement in which "government defendants have decided to resolve a constitutional climate case in partnership with youth plaintiffs," according to nonprofit legal groups Our Children's Trust and Earthjustice, which represent the plaintiffs. Back in 2018, Hawaii committed to reaching net-zero carbon dioxide emissions by 2045 -- in line with what climate research determined was necessary to meet the Paris climate accord goal of stopping global warming. But the state wasn't doing enough to reach that goal, the plaintiffs alleged. Transportation makes up the biggest chunk of the state's greenhouse gas pollution.
Justine Calma is a senior science reporter covering energy and the environment with more than a decade of experience. She is also the host of Hell or High Water: When Disaster Hits Home, a podcast from Vox Media and Audible Originals.
The Almighty Buck

Why Going Cashless Has Turned Sweden Into a High-Crime Nation (fortune.com) 167

An anonymous reader quotes a report from Fortune: Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linkoping in Sweden discovered she'd been robbed. Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID -- the ubiquitous digital authorization system used by nearly all Swedish adults. After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows. "The fraudsters are so skilled at making things look legitimate," said Bagley, who was born after BankID was created. "It's not easy" to identify scams. Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it's become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it's gone further on ditching paper money than almost any other country in Europe.

Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden's criminal economy could amount to as high as 2.5% of the country's gross domestic product. To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it's a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process. Using complex webs of fake companies and forging documents to gain access to Sweden's welfare system, sophisticated fraudsters have made Sweden a "Silicon Valley for criminal entrepreneurship," said Daniel Larson, a senior economic crime prosecutor. While the shock of armed violence has grabbed public attention -- the nation's gun-homicide rate tripled between 2012 and 2022 -- economic crime underlies gang activity and needs to be tackled as aggressively, he added. "That has been a strategic mistake," Larson said. "This profit-generating crime is what's fueling organized crime and, in some cases, leads to these conflicts."

Sweden's switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe's lowest number of ATMs per capita, according to the IMF. The prevalence of BankID plays a role in Sweden's vulnerability. The system works like an online signature. If used, it's considered a done deal and the transaction gets executed immediately. It was designed by Sweden's banks to make electronic payments even quicker and easier than handing over a stack of bills. Since its original rollout in 2001, it's become part of the everyday Swedish life. On average, the service -- which requires a six-digit code, a fingerprint or a face scan for authentication -- is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets. Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden's tax agency adopted the technology as an identification for tax returns, giving it the government's official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality. The country's central bank has acknowledged that some of those connotations may have gone too far. "We have to be very clear that there are still honest people using cash," Riksbank Governor Erik Thedeen told Bloomberg.

Canada

Ontario Science Center To Close Immediately Over Roof Collapse Risk (www.cbc.ca) 24

The Ontario Science Center, a world-class science and cultural institution in Toronto, is shutting down immediately due to the risk that the building's roof could collapse, the province announced Friday. CBC News: The abrupt closure, which the province says could last years, comes after the government's controversial announcement in 2023 that the popular landmark and attraction would be moved to the Ontario Place site -- a move it says will save costs. "The actions taken today will protect the health and safety of visitors and staff," said Infrastructure Minister Kinga Surma in a news release. "We are making every effort to avoid disruption to the public and help the Ontario Science Centre continue delivering on its mandate."

An engineering report this week by Rimkus Consulting Group showed each of the centre's three buildings contain roof panels in a "distressed, high-risk" condition, the Ministry of Infrastructure said in a news release. The panels require fixing by Oct. 31, 2024 to "avoid further stress due to potential snow load which could lead to roof panel failure," the release said. Fixing the roof will cost between $22 million and $40 million, the ministry said, requiring the centre be closed for up to two years. "These estimates are incomplete and subject to change," said the ministry, noting the costs make up only a "small portion" of the funding needed to keep the science centre open. The government says the centre needs $478 million to tackle its "failing infrastructure" and sustain programming.

Social Networks

TikTok Confirms It Offered US Government a 'Kill Switch' (bbc.com) 36

TikTok revealed it offered the U.S. government a "kill switch" in 2022 to address data protection and national security concerns, allowing the government to shut down the platform if it violated certain rules. The disclosure was made as it began its legal fight against legislation that will require ByteDance to divest TikTok's U.S. assets or face a ban. The BBC reports: "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," they argued in their legal submission. They also claimed the US government refused to engage in any serious settlement talks after 2022, and pointed to the "kill switch" offer as evidence of the lengths they had been prepared to go.

TikTok says the mechanism would have allowed the government the "explicit authority to suspend the platform in the United States at the US government's sole discretion" if it did not follow certain rules. A draft "National Security Agreement", proposed by TikTok in August 2022, would have seen the company having to follow rules such as properly funding its data protection units and making sure that ByteDance did not have access to US users' data. The "kill switch" could have been triggered by the government if it broke this agreement, it claimed.

In a letter - first reported by the Washington Post - addressed to the US Department of Justice, TikTok's lawyer alleges that the government "ceased any substantive negotiations" after the proposal of the new rules. The letter, dated 1 April 2024, says the US government ignored requests to meet for further negotiations. It also alleges the government did not respond to TikTok's invitation to "visit and inspect its Dedicated Transparency Center in Maryland."
Further reading: TikTok Says US Ban Inevitable Without a Court Order Blocking Law
Robotics

Public Servants Uneasy As Government 'Spy' Robot Prowls Federal Offices (www.cbc.ca) 72

An anonymous reader quotes a report from CBC News: A device federal public servants call "the little robot" began appearing in Gatineau office buildings in March. It travels through the workplace to collect data using about 20 sensors and a 360-degree camera, according to Yahya Saad, co-founder of GlobalDWS, which created the robot. "Using AI on the robot, the camera takes the picture, analyzes and counts the number of people and then discards the image," he said. Part of a platform known as VirBrix, the robot also gathers information on air quality, light levels, noise, humidity, temperature and even measures CO2, methane and radon gas. The aim is to create a better work environment for humans -- one that isn't too hot, humid or dim. Saad said that means more comfortable and productive employees. The technology can also help reduce heating, cooling and hydro costs, he said. "All these measures are done to save on energy and reduce the carbon footprint," Saad explained. After the pilot program in March, VirBrix is set to return in July and October, and the government hasn't ruled out extending its use. It's paying $39,663 to lease the robot for two years.

Bruce Roy, national president of the Government Services Union, called the robot's presence in federal workplaces "intrusive" and "insulting." "People feel observed all the time," he said in French. "It's a spy. The robot is a spy for management." Roy, whose union represents more than 12,000 federal workers across several departments, said the robot is unnecessary because the employer already has ways of monitoring employee attendance and performance. "We believe that one of the robot's tasks is to monitor who is there and who is not," he said. "Folks say, why is there a robot here? Doesn't my employer trust that I'm here and doing my work properly?" [...] Jean-Yves Duclos, the minister of public services and procurement, said the government is instead using the technology as it looks to cut its office space footprint in half over the coming years. "These robots, as we call them, these sensors observe the utilization of office space and will be able to give us information over the next few years to better provide the kind of workplace employees need to do their job," Duclos said in French. "These are totally anonymous methods that allow us to evaluate which spaces are the most used and which spaces are not used, so we can better arrange them."
"In those cases we keep the images, but the whole body, not just the face, the whole body of the person is blurred," said Saad. "These are exceptional cases where we need to keep images and then the images would be handed over to the client."

The data is then stored on a server on Canadian soil, according to GlobalDWS.
Power

Sweden Rejects a New Electrical Interconnection With Germany (enerdata.net) 103

sonlas writes: Germany's energy transition plan includes extensive interconnection projects to distribute its intermittent renewable energy production. However, these projects face significant challenges. The latest example is Sweden. One such project, Hansa PowerBridge, announced in 2017, intended to link Germany and Sweden via a 300 km HVDC line through the Baltic Sea. This 700 MW project, estimated at 600 million euro, aimed to stabilize Germany's volatile electricity prices. However, on June 14, 2024, Sweden rejected the project, citing incompatibility between the countries' electricity systems. The connection would link northern Germany to southern Sweden, an area with insufficient infrastructure. Concerns also arose about the volatile German market disrupting Sweden's and increasing local prices. Energy Minister Ebba Busch justified this decision by saying the German market is currently not efficient enough and a connection would risk leading to higher prices and a more unstable electricity market in southern Sweden.

This highlights the difficulty Germany faces with its Energiewende, or energy transition model. This model leads to erratic electricity price behaviors and significant challenges in balancing production capacities. While a possible solution for Germany lies in interconnection with neighboring countries, the examples of Norway (which cancelled the NorGer project too) and Sweden show that from the perspective of these neighbors, it looks more like an "export of German problems" rather than a solution.

The Internet

Statewide 911 Outage Was Caused By 911 Vendor's Malfunctioning Firewall (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: A 911 vendor's malfunctioning firewall caused a statewide outage in the emergency calling system in Massachusetts on Tuesday afternoon, the state government said. A Massachusetts government press release issued yesterday said the state's 911 vendor, Comtech, "has advised State 911 that they have applied a technical solution to ensure that this does not happen again." "A preliminary investigation conducted by the State 911 Department and Comtech determined that the outage was the result of a firewall, a safety feature that provides protection against cyberattacks and hacking," the announcement said. "The firewall prevented calls from getting to the 911 dispatch centers, also known as Public Safety Answer Points (PSAPs)."

Comtech's initial review "confirmed that the interruption was not the result of a cyberattack or hack," but "the exact reason the firewall stopped calls from reaching dispatch centers remains under review," the state said. A full review is continuing. The 911 outage lasted two hours. Shortly after it began, the State 911 Department alerted local law enforcement and issued a statewide emergency alert to residents advising them to call their local public safety business line directly if they had an emergency. "Although some calls may not have gone through, the system allows dispatch centers to identify the phone number of callers and return those calls. The Department has not received any reports of emergencies impacted during the interruption," the Massachusetts announcement said. State 911 Department Executive Director Frank Pozniak promised that the department "will take all necessary steps to prevent a future occurrence." Massachusetts has 204 Public Safety Answering Points that received an average of 8,800 calls, combined, per day in 2023.
In case of a 911 outage, an internet user recommends everyone save their local dispatch number in their contacts. You can also use these methods to reach emergency services:

- Call the non-emergency police line in your area.
- Use alternative numbers to reach first responders, such as the direct line to the local police or county sheriff's office.
- Use a landline, Wi-Fi calling or another cell carrier if a cellular service issue is responsible for the 911 outage.
- Send a text to 911, if the service is available in your area. The Federal Trade Commission (FCC) provides a list of areas currently supporting Text-to-911 on its website.

If calls from landlines to 911 and their non-emergency hotline are not working, police departments can still see the numbers of those who called from cell phones and call them back as soon as possible, notes WTOL.
Social Networks

TikTok Says US Ban Inevitable Without a Court Order Blocking Law 110

TikTok and Chinese parent ByteDance on Thursday urged a U.S. court to strike down a law they say will ban the popular short app in the United States on Jan. 19, saying the U.S. government refused to engage in any serious settlement talks after 2022. From a report: Legislation signed in April by President Joe Biden gives ByteDance until Jan. 19 of next year to divest TikTok's U.S. assets or face a ban on the app used by 170 million Americans. ByteDance says a divestiture is "not possible technologically, commercially, or legally."

The U.S. Court of Appeals for the District of Columbia will hold oral arguments on lawsuits filed by TikTok and ByteDance along with TikTok users on Sept. 16. TikTok's future in the United States may rest on the outcome of the case which could impact how the U.S. government uses its new authority to clamp down on foreign-owned apps. "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," ByteDance and TikTok argue in asking the court to strike down the law.
United States

Biden To Ban US Sales of Kaspersky Software Over Ties To Russia (reuters.com) 124

The Biden administration on Thursday will announce plans to bar the sale of Kaspersky Lab's antivirus software in the United States, citing the firm's large U.S. customers including critical infrastructure providers and state and local governments, according to Reuters. From the report: The company's close ties to the Russian government were found to pose a critical risk, the person said, adding that the software's privileged access to a computer's systems could allow it to steal sensitive information from American computers, install malware or withhold critical updates. The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add the company to a trade restriction list, according to two other people familiar with the matter, dealing a blow to the firm's reputation that could hammer its overseas sales.

The plan to add the cybersecurity company to the entity list, which effectively bars a company's U.S. suppliers from selling to it, and the timing and details of the software sales curb, have not been previously reported. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government. The moves show the administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.

Education

Britain's Universities in Existential Crisis? (prospectmagazine.co.uk) 229

Britain's university sector, a key contributor to the country's economy and global standing, is facing an unprecedented crisis that threatens its very existence, according to an analysis by Glen O'Hara, a professor of modern and contemporary history at Oxford Brookes University. Despite collectively generating over $61.1 billion in annual income and $28 billion in export earnings, universities across the UK are grappling with declining funding, widespread cuts, and internal divisions. The sector's annual losses stand at $2.55 billion, with one in four universities in the red.

Job cuts have become a daily occurrence, with institutions such as Coventry, Goldsmiths, Kent, and Lincoln slashing staff numbers. The downsizing is primarily occurring through retirements and voluntary severance schemes, but the long-term outlook remains bleak. Experts cited in an analysis by Prospect magazine warn that without fundamental re-engineering and strategic direction, the sector risks a gradual decline, with some universities potentially facing bankruptcy. The government's focus on the "culture wars" has further divided the public from their local campuses, while the real crisis lies in the finance and organization of the sector.

The frozen tuition fees for home students, coupled with unpredictable inflation, have left universities struggling to cover costs. Attempts to offset losses by recruiting more students in cheaper-to-teach subjects and attracting international students have reached their limits, with the latter now in decline. As the next government grapples with this crisis, stopgap measures such as small funding injections, slight fee increases, and encouraging university mergers may provide temporary relief.
AMD

AMD Is Investigating Claims That Company Data Was Stolen In Hack (hackread.com) 6

AMD said on Tuesday it was looking into claims that company data was stolen in a hack by a cybercriminal organization called "IntelBroker". "The alleged intrusion, which took place in June 2024, reportedly resulted in the theft of a significant amount of sensitive information, spanning across various categories," reports Hackread. From the report: In a recent post on Breach Forums, IntelBroker detailed the extent of the compromised data. The hacker claims to have accessed information related to the following records: ROMs, Firmware, Source code, Property files, Employee databases, Customer databases, Financial information, Future AMD product plans, and Technical specification sheets. The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions. He advises interested buyers to message him with their offers.

The reputation of IntelBroker in the cybersecurity community is one of significant concern, given the scale and sensitivity of the targeted entities in previous hacks. The hacker's past exploits include breaches of: Europol, Tech in Asia, Space-Eyes, Home Depot, Facebook Marketplace, U.S. contractor Acuity Inc., staffing giant Robert Half, Los Angeles International Airport, and alleged breaches of HSBC and Barclays Bank. Although the hacker's origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.

The Internet

An Effort To Fund an Internet Subsidy Program Just Got Thwarted Again (theverge.com) 18

Bipartisan agreement on government internet subsidies seems unlikely as Democrats and Republicans propose conflicting bills to reauthorize the FCC's spectrum auctions. The Democratic bill aims to fund the now-defunct Affordable Connectivity Program, while the Republican version does not. "While some Republicans supported earlier efforts to extend the subsidy program, those efforts did not go through in time to keep it from ending," notes The Verge. From the report: The Senate Commerce Committee canceled a Tuesday morning markup meeting in which it was set to consider the Spectrum and National Security Act, led by committee chair Maria Cantwell (D-WA). When she introduced it in April, Cantwell said the bill would provide $7 billion to continue funding the Affordable Connectivity Program (ACP), the pandemic-era internet subsidy for low-income Americans that officially ran out of money and ended at the end of May. The main purpose of the bill is to reauthorize the Federal Communications Commission's authority to run auctions for spectrum. The proceeds from spectrum auctions are often used to fund other programs. In addition to the ACP, Cantwell's bill would also fund programs including incentives for domestic chip manufacturing and a program that seeks to replace telecommunications systems that have been deemed national security concerns. The markup was already postponed several times before.

Cantwell blamed Sen. Ted Cruz (R-TX), the top Republican on the Senate Commerce Committee, for standing in the way of the legislation. "We had a chance to secure affordable broadband for millions of Americans, but Senator Cruz said 'no,'" Cantwell said in a statement late Monday. "He said 'no' to securing a lifeline for millions of Americans who rely on the Affordable Connectivity Program to speak to their doctors, do their homework, connect to their jobs, and stay in touch with loved ones -- including more than one million Texas families." In remarks on the Senate floor on Tuesday, Cantwell said her Republican colleagues on the committee offered amendments to limit the ACP funding in the bill. She said the ACP shouldn't be a partisan issue and stressed the wide range of Americans who've relied on the program for high-speed connections, including elderly people living on fixed incomes and many military families. "I hope my colleagues will stop with obstructing and get back to negotiating on important legislation that will deliver these national security priorities and help Americans continue to have access to something as essential as affordable broadband," she said.

Cruz has his own spectrum legislation with Sen. John Thune (R-SD) that would reauthorize the FCC's spectrum auction authority, with a focus on expanding commercial access to mid-band spectrum, commonly used for 5G. But it doesn't have the same ACP funding mechanism. Some large telecom industry players prefer Cruz's bill, in part because it allows for exclusive licensing. Wireless communications trade group CTIA's SVP of government affairs, Kelly Cole, told Fierce Network that the Cruz bill "is a better approach because it follows the historical precedent set by prior bipartisan legislation to extend the FCC's auction authority." But other tech groups like the Internet Technology Industry Council (ITI), which represents companies including Amazon, Apple, Google, and Meta, support Cantwell's bill, in part because of the programs it seeks to fund.

Earth

Kenya's First Nuclear Plant Faces Fierce Opposition (theguardian.com) 127

An anonymous reader quotes a report from The Guardian: Kilifi County's white sandy beaches have made it one of Kenya's most popular tourist destinations. Hotels and beach bars line the 165 mile-long (265km) coast; fishers supply the district's restaurants with fresh seafood; and visitors spend their days boating, snorkelling around coral reefs or bird watching in dense mangrove forests. Soon, this idyllic coastline will host Kenya's first nuclear plant, as the country, like its east African neighbour Uganda, pushes forward with atomic energy plans. The proposals have sparked fierce opposition in Kilifi. In a building by Mida Creek, a swampy bayou known for its birdlife and mangrove forests, more than a dozen conservation and rights groups meet regularly to discuss the proposed plant.

"Kana nuclear!" Phyllis Omido, an award-winning environmentalist who is leading the protests, tells one such meeting. The Swahili slogan means "reject nuclear", and encompasses the acronym for the Kenya Anti-Nuclear Alliance who say the plant will deepen Kenya's debt and are calling for broader public awareness of the cost. Construction on the power station is expected to start in 2027, with it due to be operational in 2034. "It is the worst economic decision we could make for our country," says Omido, who began her campaign last year. A lawsuit filed in the environmental court by lawyers Collins Sang and Cecilia Ndeti in July 2023 on behalf of Kilifi residents, seeks to stop the plant, arguing that the process has been "rushed" and was "illegal", and that public participation meetings were "clandestine". They argue the Nuclear Power and Energy Agency (Nupea) should not proceed with fixing any site for the plant before laws and adequate safeguards are in place. Nupea said construction would not begin for years, that laws were under discussion and that adequate public participation was being carried out. Hearings are continuing to take place.

In November, people in Kilifi filed a petition with parliament calling for an inquiry. The petition, sponsored by the Centre for Justice Governance and Environmental Action (CJGEA), a non-profit founded by Omido in 2009, also claimed that locals had limited information on the proposed plant and the criteria for selecting preferred sites. It raised concerns over the risks to health, the environment and tourism in the event of a nuclear spill, saying the country was undertaking a "high-risk venture" without proper legal and disaster response measures in place. The petition also flagged concerns over security and the handling of radioactive waste in a nation prone to floods and drought. The senate suspended the inquiry until the lawsuit was heard. "If we really have to invest in nuclear, why can't [the government] put it in a place that does not cause so much risk to our ecological assets?" says Omido. "Why don't they choose an area that would not mean that if there was a nuclear leak we would lose so much as a country?" Peter Musila, a marine scientist who monitors the impacts of global heating on coral reefs, fears that a nuclear power station will threaten aquatic life. The coral cover in Watamu marine national reserve, a protected area near Kilifi's coast, has improved over the last decade and Musila fears progress could be reversed by thermal pollution from the plant, whose cooling system would suck large amounts of water from the ocean and return it a few degrees warmer, potentially killing fish and the micro-organisms such as plankton, which are essential for a thriving aquatic ecosystem. "It's terrifying," says Musila, who works with the conservation organisation A Rocha Kenya. "It could wreak havoc."
Nupea, for its part, "published an impact assessment report last year that recommended policies be put in place to ensure environmental protections, including detailed plans for the handling of radioactive waste; measures to mitigate environmental harm, such as setting up a nuclear unit in the national environment management authority; and emergency response teams," notes the Guardian. "It also proposed social and economic protections for affected communities, including clear guidelines on compensation for those who lose their livelihoods, or are displaced from their land, when the plant is set up."

"Nupea said a power station could create thousands of jobs for Kenyans and said it had partnered with Kilifi universities to start nuclear training programs that would enable more residents to take up jobs at the plant. Wilfred Baya, assistant director for energy for Kilifi county, says the plant could also bring infrastructural development and greater electricity access to a region which suffers frequent power cuts."
Facebook

Meta Accused of Trying To Discredit Ad Researchers (theregister.com) 18

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined $1.2 million (6.6 million BRL) related to Cambridge Analytica.

As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups."

On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLab report. This is particularly striking given Meta's efforts to limit research into its ad platform.
A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."
Google

French Court Orders Google, Cloudflare, Cisco To Poison DNS To Stop Piracy (torrentfreak.com) 74

An anonymous reader quotes a report from TorrentFreak: A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around 117 pirate sports streaming domains. The move is another anti-piracy escalation for broadcaster Canal+, which also has permission to completely deindex the sites from search engine results. [...] Two decisions were handed down by the Paris judicial court last month; one concerning Premier League matches and the other the Champions League. The orders instruct Google, Cloudflare, and Cisco to implement measures similar to those in place at local ISPs. To protect the rights of Canal+, the companies must prevent French internet users from using their services to access around 117 pirate domains.

According to French publication l'Informe, which broke the news, Google attorney Sebastien Proust crunched figures published by government anti-piracy agency Arcom and concluded that the effect on piracy rates, if any, is likely to be minimal. Starting with a pool of all users who use alternative DNS for any reason, users of pirate sites -- especially sites broadcasting the matches in question -- were isolated from the rest. Users of both VPNs and third-party DNS were further excluded from the group since DNS blocking is ineffective against VPNs. Proust found that the number of users likely to be affected by DNS blocking at Google, Cloudflare, and Cisco, amounts to 0.084% of the total population of French Internet users. Citing a recent survey, which found that only 2% of those who face blocks simply give up and don't find other means of circumvention, he reached an interesting conclusion. "2% of 0.084% is 0.00168% of Internet users! In absolute terms, that would represent a small group of around 800 people across France!"

In common with other courts presented with the same arguments, the Paris court said the number of people using alternative DNS to access the sites, and the simplicity of switching DNS, are irrelevant. Canal+ owns the rights to the broadcasts and if it wishes to request a blocking injunction, it has the legal right to do so. The DNS providers' assertion that their services are not covered by the legislation was also waved aside by the court. Google says it intends to comply with the order. As part of the original matter in 2023, it was already required to deindex the domains from search results under the same law. At least in theory, this means that those who circumvented the original blocks using these alternative DNS services, will be back to square one and confronted by blocks all over again. Given that circumventing this set of blocks will be as straightforward as circumventing the originals, that raises the question of what measures Canal+ will demand next, and from whom.
