Open Source

Europe Mulls Open Sourcing TETRA Emergency Services' Encryption Algorithms (theregister.com) 18

Jessica Lyons Hardcastle reports via The Register: The European Telecommunications Standards Institute (ETSI) may open source the proprietary encryption algorithms used to secure emergency radio communications after a public backlash over security flaws found this summer. "The ETSI Technical Committee in charge of TETRA algorithms is discussing whether to make them public," Claire Boyer, a spokesperson for the European standards body, told The Register. The committee will discuss the issue at its next meeting on October 26, she said, adding: "If the consensus is not reached, it will go to a vote."

TETRA is the Terrestrial Trunked Radio protocol, which is used in Europe, the UK, and other countries to secure radio communications used by government agencies, law enforcement, military and emergency services organizations. In July, a Netherlands security biz uncovered five vulnerabilities in TETRA, two deemed critical, that could allow criminals to decrypt communications, including in real-time, to inject messages, deanonymize users, or set the session key to zero for uplink interception. At the time ETSI downplayed the flaws, which it said had been fixed last October, and noted that "it's not aware of any active exploitation of operational networks."

It did, however, face criticism from the security community over its response to the vulnerabilities -- and the proprietary nature of the encryption algorithms, which makes it more difficult for proper pentesting of the emergency network system.
"This whole idea of secret encryption algorithms is crazy, old-fashioned stuff," said security author Kim Zetter who first reported the story. "It's very 1960s and 1970s and quaint. If you're not publishing [intentionally] weak algorithms, I don't know why you would keep the algorithms secret."
Government

Right-To-Repair Is Now the Law In California (theverge.com) 45

An anonymous reader quotes a report from The Verge: California Governor Gavin Newsom has signed SB 244, or the Right to Repair Act, into law, making it easier for owners to repair devices themselves or to take them to independent repair shops. Because California is one of the world's largest economies, this iFixit-cosponsored bill may make it easier for people all over the US to repair their devices. The law, which joins similar efforts in New York, Colorado, and Minnesota, is tougher than some of its predecessors.

Manufacturers must make available appropriate tools, parts, software, and documentation for seven years after production for devices priced above $100. (Less expensive devices only have to have these materials available for three years.) [...] The bill is effective on electronics made and sold after July 1st, 2021. Though the bill is fairly sweeping, there are carve-outs for game consoles and alarm systems.
Further reading: Cory Doctorow: Apple Sabotages Right-to-Repair Using 'Parts-Pairing' and the DMCA
AI

US Space Force Pauses Generative AI Use Based on Security Concerns (bloomberg.com) 20

US Space Force has temporarily banned the use of web-based generative AI tools and so-called large language models that power them, citing data security and other concerns, Bloomberg News reported Wednesday, citing a memo. From the report: The Sept. 29 memorandum, addressed to the Guardian Workforce, the term for Space Force members, pauses the use of any government data on web-based generative AI tools, which can create text, images or other media from simple prompts. The memo says they "are not authorized" for use on government systems unless specifically approved.

Chatbots and tools like OpenAI's ChatGPT have exploded in popularity. They make use of language models that are trained on vast amounts of data to predict and generate new text. Such LLMs have given birth to an entire generation of AI tools that can, for example, search through troves of documents, pull out key details and present them as coherent reports in a variety of linguistic styles. Generative AI "will undoubtedly revolutionize our workforce and enhance Guardian's ability to operate at speed," Lisa Costa, Space Force's chief technology and innovation officer, said in the memo. But Costa also cited concerns over cybersecurity, data handling and procurement requirements, saying that the adoption of AI and LLMs needs to be "responsible."

Communications

Finnish President Says Undersea Gas and Telecom Cables Damaged By 'External Activity' (apnews.com) 88

Damage to an undersea gas pipeline and telecommunications cable connecting Finland and Estonia appears to have been caused by "external activity," Finnish officials said Tuesday, adding that authorities were investigating. From a report: Finnish and Estonian gas system operators on Sunday said they noted an unusual drop in pressure in the Balticconnector pipeline after which they shut down the gas flow. The Finnish government on Tuesday said there was damage both to the gas pipeline and to a telecommunications cable between the two NATO countries. Speaking at a news conference Tuesday, Prime Minister Petteri Orpo stopped short of calling the pipeline leak sabotage, but said it could not have been caused by regular operations. "According to a preliminary assessment, the observed damage could not have occurred as a result of normal use of the pipe or pressure fluctuations. It is likely that the damage is the result of external activity," Orpo said. Finland's National Bureau of Investigation was leading an investigation into the leak, Orpo said, adding that the leak occurred in Finland's economic zone.
Technology

RISC-V Group Says Restrictions on Open Technology Would Slow Innovation 29

The chief executive of RISC-V International says that possible government restrictions on the open-source technology will slow down the development of new and better chips, holding back the global technology industry. From a report: The comments come after Reuters last week reported that a growing group of U.S. lawmakers are calling on the Biden administration to impose export control restrictions around RISC-V, the open-source technology overseen by the RISC-V International nonprofit foundation. RISC-V technology can be used as an ingredient to create chips for smartphones or artificial intelligence. Major U.S. firms such as Qualcomm and Alphabet's Google have embraced RISC-V, but so too have Chinese firms such as Huawei, which the U.S. lawmakers argue constitutes a national security concern.

In a blog post, Calista Redmond, chief of RISC-V International, which coordinates work among companies on the technology, said RISC-V is no different than other open technology standards like Ethernet, which helps computers on the internet talk with each other. "Contemplated actions by governments for an unprecedented restriction in open standards will have the consequence of diminished access to the global marketplace of products, solutions, and talent," Redmond wrote. "Bifurcating on the standards level would lead to a world of incompatible solutions that duplicate effort and close off markets."
AI

UK Opposition Leader Targeted By AI-Generated Fake Audio Smear (therecord.media) 49

An anonymous reader quotes a report from The Record: An audio clip posted to social media on Sunday, purporting to show Britain's opposition leader Keir Starmer verbally abusing his staff, has been debunked as being AI-generated by private-sector and British government analysis. The audio of Keir Starmer was posted on X (formerly Twitter) by a pseudonymous account on Sunday morning, the opening day of the Labour Party conference in Liverpool. The account asserted that the clip, which has now been viewed more than 1.4 million times, was genuine, and that its authenticity had been corroborated by a sound engineer.

Ben Colman, the co-founder and CEO of Reality Defender -- a deepfake detection business -- disputed this assessment when contacted by Recorded Future News: "We found the audio to be 75% likely manipulated based on a copy of a copy that's been going around (a transcoding). As we don't have the ground truth, we give a probability score (in this case 75%) and never a definitive score ('this is fake' or 'this is real'), leaning much more towards 'this is likely manipulated' than not," said Colman. "It is also our opinion that the creator of this file added background noise to attempt evasion of detection, but our system accounts for this as well," he said.

Government

California Governor Signs Ban On Social Media 'Aiding or Abetting' Child Abuse (theverge.com) 70

Adi Robertson reports via The Verge: California Governor Gavin Newsom has signed AB 1394, a law that would punish web services for "knowingly facilitating, aiding, or abetting commercial sexual exploitation" of children. It's one of several online regulations that California has passed in recent years, some of which have been challenged as unconstitutional. Newsom's office indicated in a press release yesterday that he had signed AB 1394, which passed California's legislature in late September.

The law is set to take effect on January 1, 2025. It adds new rules and liabilities aimed at making social media services crack down on child sexual abuse material, adding punishments for sites that "knowingly" leave reported material online. More broadly, it defines "aiding or abetting" to include "deploy[ing] a system, design, feature, or affordance that is a substantial factor in causing minor users to be victims of commercial sexual exploitation." Services can limit their risks by conducting regular audits of their systems. As motivation, the bill text cites whistleblower complaints that Facebook responded inadequately to child abuse on the platform and a 2022 Forbes article alleging that TikTok Live had become a haven for adults to prey on teenage users.

Security

Hacktivism Erupts In Response To Hamas-Israel War (techcrunch.com) 340

An anonymous reader quotes a report from TechCrunch: Several groups of hacktivists have targeted Israeli websites with floods of malicious traffic following a surprise land, sea and air attack launched against Israel by militant group Hamas on Saturday, which prompted Israel to declare war and retaliate. Israeli newspaper The Jerusalem Post reported Monday that since Saturday morning its website was down "due to a series of cyberattacks initiated against us." At the time of writing, the paper's website still appeared down.

Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a conference on Monday that there have been denial of service (DDoS) attacks and defacements of websites, without attributing the cyberattacks to particular groups. "But we're not yet seeing real [nation] state malicious actors," Joyce reportedly said. [...] Joyce's remarks appear to confirm findings of security researcher Will Thomas, who told TechCrunch that he has seen more than 60 websites taken down with DDoS attacks, and more than five websites that were defaced as of Monday.

It is common for hacktivist groups to launch cyberattacks during armed conflict, similar to what happened in Ukraine. These hackers are often not affiliated with any governments but rather a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are far more limited compared to the activities of nation-state hacking groups. Researchers and government agencies like the NSA say they have only seen activity by hacktivists so far in this Hamas-Israel conflict.
"The thing that has surprised me about the hacktivism surrounding this conflict is the amount of international groups involved, such as those allegedly from Bangladesh, Pakistan, and Morocco all also targeting Israel in support of Palestine," said Thomas. "We have also seen long-time threat actors returning who have participated in attacks and spread them using the hashtag #OpIsrael for years."

"I have seen several posts of cybercriminal service operators such as DDoS-for-Hire or Initial Access Brokers offering their services to those wanting to target Israel or Palestine," he added.
Microsoft

What Microsoft's CEO Said in Court About Google - And Its Own 1998 Antitrust Case (thestreet.com) 58

The Street argues that Satya Nadella "has transformed Microsoft since taking over for former CEO Steve Ballmer. Instead of closing the company off from its rivals, Nadella has been open to working with companies that are also competitors like Apple." But they added that Nadella "remains at odds" with Google's parent company Alphabet, even testifying in the antitrust lawsuit against the company.

They highlight another example from Nadella's testimony (first spotted by GeekWire). Nadella also believes that Alphabet sells a false narrative that OEM partners have a choice when in reality they don't. "Google has carrots and it has massive sticks...'We'll remove Google Play if you don't have us as the primary browser.' And without Google Play, an Android phone is a brick. And so that is the type of stuff that is impossible to overcome. No OEM is going to do that," he said.
GeekWire also notes Nadella's comments about the U.S. government's antitrust case against Microsoft in 1998: "Google exists because of two things. One is because of our consent decree, where we had to put a lot of limits on what we could distribute and not distribute by default. And, second, because [of] the fact that you could distribute anything you wanted on Windows, and it's still the case, right, it's not just Google. ... The largest marketplace on Windows happens to be not from Microsoft, it's Steam. And so it's an open platform on which anybody can distribute anything."
United States

Why Is California's Population Falling? Housing Costs (ppic.org) 286

"34% of Californians say they are considering moving out of the state due to housing costs," according to statistics from a new report from the Public Policy Institute of California.

It's a nonprofit think tank founded in 1994 "to inform and improve public policy in California through independent, objective, nonpartisan research." (Founded with a grant from Bill Hewlett of Hewlett-Packard, it also gets funding from the David and Lucile Packard Foundation). The report's startling conclusion? "After a century of explosive growth, California is likely to become a slow-growing state." After the year 2030 California's seniors (older than 65) are expected to outnumber its children. "In 2020, California had nearly four residents ages 18-64 for every adult 65 and older. This ratio is expected to drop to 2.8 by 2030 and 2.2 by 2060, if current trends continue."

Births are outpacing deaths by over 106,000 people a year. (Even during the pandemic California had a lower COVID mortality rate than most states.) And international immigration remained a net positive with a 90,000-person increase in 2022. Yet all of this was offset in 2022 by a net loss of 407,000 people migrating out of the state.

California already has a population of 39 million — but the full report cites July 2023 projections from the state's Department of Finance that now "suggest that the state population will plateau between 39 and 40 million residents in the long term."

The caption on one graph notes that California "is losing households at all income levels." [W]hile the majority of domestic outmigrants are lower- and middle-income, an increasing proportion of higher-income Californians are also exiting the state. The "new normal" of remote work in many white-collar professions has enabled some higher-income workers to move. Politics might also play a role, as conservatives are much more likely than liberals to say they have considered leaving the state.
One other factor: Declining birth and fertility rates are a nationwide, even a global, phenomenon as economic and social events have changed the status of women and their access to educational and job opportunities. Total fertility rates — the number of births the average woman will have in her lifetime — have fallen across the U.S. in recent decades. No state has a rate at or above 2.1, the level necessary to maintain a population's current size (not taking immigration and migration into account), but California's fertility rate has fallen faster than most. In 2008 its rate was above the national average (2.15); by 2020 it fell to the seventh-lowest (1.52).

The declining birth rate among young adults in their 20s is the biggest driver of the fertility rate decline. One major factor is that 20-somethings are now less likely to get married, which can affect decisions to have children... In the past, higher birth rates among immigrants also helped offset lower birth rates among US-born Californians, though more recently birth rates among immigrants have declined, reflecting patterns in sending countries.

Government

California Becomes First US State to Ban Four 'Toxic' Food Additives (msn.com) 200

Nearly 12% of America's population is in California. And the Los Angeles Times is predicting changes to what they eat: California became the first state in the nation to prohibit four food additives found in popular cereal, soda, candy and drinks after Gov. Gavin Newsom signed a ban on them Saturday. The California Food Safety Act will ban the manufacture, sale or distribution of brominated vegetable oil, potassium bromate, propylparaben and red dye No. 3 — potentially affecting 12,000 products that use those substances, according to the Environmental Working Group.

The legislation was popularly known as the "Skittles ban" because an earlier version also targeted titanium dioxide, used as a coloring agent in candies including Skittles, Starburst and Sour Patch Kids, according to the Environmental Working Group. But the measure, Assembly Bill 418, was amended in September to remove mention of the substance...

Assemblyman Jesse Gabriel (D-Woodland Hills), who authored AB 418, hailed the move as a "huge step in our effort to protect children and families in California from dangerous and toxic chemicals in our food supply." Gabriel said the bill won't ban any foods or products but will require food companies to make "minor modifications" to their recipes and switch to safer alternative ingredients. The use of the chemicals has already been banned in the European Union's 27 nations as well as many other countries due to scientific research linking them to cancer, reproductive issues, and behavioral and developmental problems in children, Gabriel said. Many major brands and manufacturers — including Coke, Pepsi, Gatorade and Panera — have voluntarily stopped using the additives because of concerns about their effect on human health. Brominated vegetable oil was previously used in Mountain Dew, but Pepsi Co. has since stopped using it in the beverage. It is still used, however, in generic soda brands such as Walmart's Great Value-branded Mountain Lightning. Propylparaben and potassium bromate are commonly found in baked goods. Red dye no. 3 is used by Just Born Quality Confections to color pink and purple marshmallow Peeps candy, according to Consumer Reports. "What we're really trying to get them to do is to change their recipes," Gabriel told The Times in March. "All of these are nonessential ingredients...."

"This is a milestone in food safety, and California is once again leading the nation," said Ken Cook, president of the Environmental Working Group, which co-sponsored the bill along with Consumer Reports. The law could affect food across the country, Cook said, because the size of California's economy might prompt manufacturers to produce just one version of their product rather than separate ones for the state and the rest of the nation.

A study by California's Office of Environmental Health Hazard Assessment (cited in the bill) found that "consumption of synthetic food dyes can result in hyperactivity and other neurobehavioral problems in some children, and that children vary in their sensitivity to synthetic food dyes. The report also found that current federal levels for safe intake of synthetic food dyes may not sufficiently protect children's behavioral health." The report adds that America's Food and Drug Administration had set levels for the additives "decades ago," and that those levels "do not reflect newer research."

The Los Angeles Times notes that the law won't take effect until January of 2027 — and that it imposes fines of "up to $10,000 for violations."

The Times also points out that former California governor Arnold Schwarzenegger had endorsed the bill as "common sense".
EU

Germany Will Keep Its Coal Power Plants on Standby For Another Winter (euractiv.com) 189

An anonymous reader writes: Amidst a winter marked by scarce gas supplies, the German government has opted to retain its lignite coal power plants on standby for another season. Originally, Germany had planned a phased shutdown of coal plants in exchange for a portion of the government's €40 billion coal phase-out fund. However, last year, disruptions in Russian gas supplies post-Ukraine war prompted an emergency decision to keep coal plants operational. This measure is now extended for the upcoming winter, maintaining 1.9 GWs of lignite capacity alongside the existing 45 GW of coal power plants.

The primary purpose of these lignite plants is to alleviate gas demand during peak times and stabilize prices. Despite the economic benefits, the move raises environmental concerns, given lignite's status as a major climate polluter. The government acknowledges this and plans to assess the additional carbon emissions resulting from keeping coal plants on standby, estimated to be between 2.5 and 5.6 tonnes of CO2.

The German government emphasized the persistence of the goal to ideally complete the coal phase-out by 2030 and meet climate targets.

Security

For 'Cybersecurity Awareness Month' America's Cybersecurity Agency Shares Four Online Safety Tips (cisa.gov) 34

Since 2004 October has been designated "Cybersecurity Awareness Month" in America, "a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk and generate discussion on cyber threats on a national and global scale."

That's according to America's Cybersecurity and Infrastructure Security Agency (or CISA), the operational lead for federal cybersecurity and national coordinator for critical infrastructure security and resilience (specifically designed for collaboration and partnership). It's why the NSA is publicizing the ten most common cybersecurity misconfigurations in large organizations.

But in addition, for consumers CISA is introducing a new program this year that "promotes behavioral change across the Nation, with a particular focus on how individuals, families and small to medium-sized businesses can Secure Our World by focusing on the four critical actions..." In a video the director of America's cyberdefense agency calls them steps "that everyone can take to stay safe online."
  • Use Strong Passwords, "meaning long, random, and unique to each account. And use a password manager to generate and to save them."
  • Turn on Multi-Factor Authentication on All Accounts That Offer It. "You need more than a password on your most important accounts, like email, social media, and financial accounts."
  • Recognize and Report Phishing. "Be cautious of unsolicited emails, texts, or calls asking you for personal information, and don't click on links or open attachments from unknown sources."
  • Update Your Software. "In fact, enable automatic updates on your software, so the latest security patches just keep your devices continuously up-to-date."

The video ends by noting CISA is asking tech companies and software developers to create products that are "secure by design."

"And let's secure our families by ensuring that our loved ones know what to look for and how to stay safe online."


United States

Some US Lawmakers Want to Restrict American Companies From Working on RISC-V Chip Technology (reuters.com) 162

An anonymous reader shared this report from Reuters: In a new front in the U.S.-China tech war, President Joe Biden's administration is facing pressure from some lawmakers to restrict American companies from working on a freely available chip technology widely used in China — a move that could upend how the global technology industry collaborates across borders...

RISC-V can be used as a key ingredient for anything from a smartphone chip to advanced processors for artificial intelligence... The lawmakers expressed concerns that Beijing is exploiting a culture of open collaboration among American companies to advance its own semiconductor industry, which could erode the current U.S. lead in the chip field and help China modernize its military. Their comments represent the first major effort to put constraints on work by U.S. companies on RISC-V...

Executives from China's Huawei Technologies have embraced RISC-V as a pillar of that nation's progress in developing its own chips. But the United States and its allies also have jumped on the technology, with chip giant Qualcomm working with a group of European automotive firms on RISC-V chips and Alphabet's Google saying it will make Android, the world's most popular mobile operating system, work on RISC-V chips...

Jack Kang, vice president of business development at SiFive, a Santa Clara, California-based startup using RISC-V, said potential U.S. government restrictions on American companies regarding RISC-V would be a "tremendous tragedy." "It would be like banning us from working on the internet," Kang said. "It would be a huge mistake in terms of technology, leadership, innovation and companies and jobs that are being created."

One U.S. Representative said the Chinese Communist Party was "abusing RISC-V to get around U.S. dominance of the intellectual property needed to design chips.

"U.S. persons should not be supporting a PRC tech transfer strategy that serves to degrade U.S. export control laws."
United States

US Nutrition Panel's Ties To Top Food Giants Revealed In New Report 41

Tom Perkins writes via The Guardian: Almost half of a federal government panel that helps develop US nutritional guidelines has significant ties to big agriculture, ultra-processed food companies, pharmaceutical companies and other corporate organizations with a significant stake in the process's outcome. The revelation is part of a new report from US Right to Know, a government transparency group that looked for ties to corporate interests among the 20-member panel of food and nutrition experts that makes recommendations for updating the US government's official dietary guidelines.

It found nine members had ties to Nestle, Pfizer, Coca-Cola, the National Egg Board and other prominent food lobby groups, among others. The findings raise questions about whether the panel is looking out for Americans' health or corporate profits, and "erodes confidence in dietary guidelines," said Gary Ruskin of US Right to Know. "Millions of Americans' lives are affected by this report and it's crucial that the report tell the truth to American people and it's not degraded into another sales pitch for big food and big pharma," he said. [...]

"The guidelines affect the entire US food system quite strongly," Ruskin said. US Right to Know scoured public records dating back five years for conflicts of interest among the 20 panel members. In addition to the nine it found with "high-risk conflicts of interest" and connections to the food and drug industry, it found four more members who have possible conflicts of interest. It applauded the agencies for appointing seven members who did not appear to have any conflicts. At least four panelists have connections to at least two companies each among Abbott, Novo Nordisk, the National Dairy Council, Eli Lilly and Weight Watchers International. One panel member has received about $240,000 in grant funding from Eli Lilly.
United States

US Science Agencies on Track To Hit 25-Year Funding Low (nature.com) 108

Lawmakers in the United States last year passed bipartisan legislation intended to maintain US competitiveness with countries such as China by boosting funding for science and innovation. But concerns are mounting that the US Congress will fail to deliver on its promises. From a report: The money allotted to a handful of major US science agencies that had been targeted for a budget boost is likely to fall short of the legislation's goals by more than US$7 billion in 2024, according to a report. And overall funding for those agencies will continue to hover at a 25-year low.

"We're leaving scientific opportunities on the table," says Matt Hourihan, who led the analysis for the Federation of American Scientists, an advocacy group based in Washington DC. "If we drop this ball, others will be happy to pick it up." It was precisely this fear that drove members of Congress to come together to pass the CHIPS and Science Act of 2022. The legislation promised one of the largest increases in US science funding in a long time, totalling some $280 billion over five years. Much of the spending mandated by the bill was focused on semiconductor research and manufacturing -- areas in which other countries, particularly China, have dominated. Lawmakers also authorized investments in other science and innovation programmes, but these were not mandated, and need to be approved by Congress during an appropriations process each year.

That process has become increasingly contentious as political polarization in the United States has risen over the past few decades. Disputes about overall spending levels and funding for various social programmes have led to repeated delays in crafting the annual budget, at times forcing the government to shut down. This year is a prime example: Republicans, who control the US House of Representatives, blocked legislation that would have allowed the government to increase the federal debt limit and pay its bills, until they were able to secure an agreement with the Democrats in May to limit spending. And last month, a handful of extreme right-wing Republicans sought to close the government down as they pushed for further spending cuts.

Communications

Biden Administration Backs Strong Rules To Close Digital Divide (bloomberg.com) 82

The Biden administration has urged the FCC to adopt strong rules to redress historic shortfalls that have left some communities lacking adequate broadband service. From a report: The position sets up a possible clash with large broadband providers that have warned the FCC, which is set to produce rules by next month, against unnecessary regulations. Clear rules are needed to close the digital divide that leaves millions without adequate broadband, the National Telecommunications and Information Administration said in a statement. The Commerce Department unit advises the president and develops internet policy. "Strong rules are needed to remedy unequal access to internet service, no matter what the cause may be," said Alan Davidson, the assistant secretary of commerce for communications and information, who is also the NTIA's top official. "Rules that combat digital discrimination will bring lasting relief to vulnerable communities that historically have been left behind online."

The FCC is considering regulations to prevent and eliminate digital discrimination of access based on income level, race and other factors, according to Chairwoman Jessica Rosenworcel. Broadband advocates have told the agency they want deep changes that will steer spending into cities. Some urban neighborhoods have suffered from disinvestment dating back to redlining decades ago, when government-aided discriminatory lending patterns starved neighborhoods of housing resources. Many of those areas still aren't prosperous, and haven't seen network upgrades.

EU

Alibaba Accused of 'Possible Espionage' At European Hub (ft.com) 38

An anonymous reader quotes a report from the Financial Times: Belgium's intelligence service has been monitoring Alibaba's main logistics hub in Europe for espionage following suspicions Beijing has been exploiting its growing economic presence in the west. European governments have been increasing scrutiny of the alleged security and economic risks posed by Chinese companies, which has been part of a wider reassessment of the EU's traditional openness to trade with China. In specific reference to Alibaba's logistics arm at the cargo airport in Liege, Belgium's security services told the Financial Times they were working to detect "possible espionage and/or interference activities" carried out by Chinese entities "including Alibaba".

Alibaba, which denies any wrongdoing, signed an agreement with Belgium in 2018 to open the hub in Liege, Europe's fifth-largest cargo airport, ploughing 100 million euros of investment into the ailing economy of the French-speaking Walloon region. But almost two years on from the site being opened, the Belgian State Security Service (VSSE) has continued monitoring Alibaba's operations following intelligence assessments, said people familiar with the matter. One area of scrutiny includes the introduction of software systems that collate sensitive economic information. The security service said the presence of Alibaba "constitutes a point of attention for the VSSE" because of legislation forcing Chinese companies to share their data with Chinese authorities and intelligence services. "China has the intent and capacity to use this data for non-commercial purposes," the agency said.

Concerns about potential espionage at the site were first raised before the hub was built, including in the Belgian parliament. At the time China strongly denied the "unprovoked insinuations" over exaggerated "so-called security risks of Chinese companies." The VSSE's statement to the FT indicates its concerns over espionage still remain after the opening of the hub. [...] "The main concern is that this platform, alongside a couple of other logistical platforms that the Chinese have been proposing to European countries, is giving them a lot of insights into supply chains and into eventual vulnerabilities," said Jonathan Holslag, a professor at the Vrije Universiteit Brussel. According to a person familiar with Alibaba's relations to China's government, the logistics centers are expected to pass on information about local sentiment and report data about European trade and logistics to Beijing's authorities.

"The site in Liege is the only European logistics center run by Alibaba's logistics spin-off Cainiao," reports the FT. The company is reportedly able to access data about merchants, products, transport details and flows. It may also be able to access information about final customers.

Privacy

ICE, CBP, Secret Service All Illegally Used Smartphone Location Data (404media.co) 61

Slash_Account_Dot shares a report from 404 Media, written by Joseph Cox: In a bombshell report, an oversight body for the Department of Homeland Security (DHS) found that Immigration and Customs Enforcement (ICE), Customs and Border Enforcement (CBP), and the Secret Service all broke the law while using location data harvested from ordinary apps installed on smartphones. In one instance, a CBP official also inappropriately used the technology to track the location of coworkers with no investigative purpose. For years U.S. government agencies have been buying access to location data through commercial vendors, a practice which critics say skirts the Fourth Amendment requirement of a warrant. During that time, the agencies have typically refused to publicly explain the legal basis on which they based their purchase and use of the data. Now, the report shows that three of the main customers of commercial location data broke the law while doing so, and didn't have any supervisory review to ensure proper use of the technology. The report also recommends that ICE stop all use of such data until it obtains the necessary approvals, a request that ICE has refused.

The report, titled "CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data," is dated September 28, 2023, and comes from Joseph V. Cuffari, the Inspector General for DHS. The report was originally marked as "law enforcement sensitive," but the Inspector General has now released it publicly.

Google

Apple Considered, Rejected Switch To DuckDuckGo From Google (bloomberg.com) 25

Apple held talks with DuckDuckGo to replace Alphabet's Google as the default search engine for the private mode on Apple's Safari browser, but ultimately rejected the idea. From a report: The details of those talks -- and Apple's discussions about buying Microsoft's Bing search engine in 2018 and 2020 -- were revealed late Wednesday in transcripts unsealed by the judge overseeing the US government's antitrust trial against Google. US District Judge Amit Mehta ruled Wednesday that he would unseal the testimony of DuckDuckGo Chief Executive Officer Gabriel Weinberg and Apple executive John Giannandrea, both of whom testified in the Washington trial in closed sessions. Weinberg testified that DuckDuckGo had about 20 meetings and phone calls with Apple executives, including the head of Safari, in 2018 and 2019 about becoming the default search engine for private browsing mode. In private mode, Safari doesn't track websites that a user visits or keep a history of what a person has accessed.

"We were talking about it, I thought they would launch it," Weinberg said, noting that Apple had integrated several of DuckDuckGo's other privacy technologies into Safari. "Multiple times we've gotten integrations all the way through the finish line. Really, almost everything we've pitched except for search." But Giannandrea, who joined Apple as the head of search in 2018, said that to his knowledge Apple hadn't considered switching to DuckDuckGo. In a February 2019 email to other Apple executives, Giannandrea said it was "probably a bad idea" to switch to DuckDuckGo for private browsing in Safari. "The motivating factor for setting DuckDuckGo as the default for private browsing was an assumption" that it would be more private, Giannandrea testified. Because DuckDuckGo relies on Bing for its search information, it also likely provides Microsoft some user information, he said, which led him to believe that DuckDuckGo's "marketing about privacy is somewhat incongruent with the details."
