Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.

An anonymous reader quotes a report from TechCrunch: The U.S. Federal Trade Commission (FTC) on Monday released new documentation detailing its new "Rule on Unfair or Deceptive Fees." The rule, set to take effect on May 12, prohibits hidden fees for live events, hotels, and short-term rentals. It also bans practices such as "bait-and-switch pricing" and any actions that conceal or misrepresent total prices and fees.

In a newly published FAQ, the FTC offers a guide for these types of businesses, providing detailed information about pricing transparency. The rule will impact businesses, including live-event ticket sellers and short-term lodging providers, like hotels, motels, Airbnb, or VRBO. Third-party platforms, resellers, and travel agents are also covered by the new regulation. (Airbnb already updated its service in advance of this new regulation to show users the total cost of their stay upfront.) [...]

Also included in the FTC's new FAQ are the types of fees that can be excluded, such as taxes or government fees, shipping charges, and charges for optional goods or services people may select to buy as part of the same transaction. (Note that handling charges aren't on this list.) However, the FTC notes that businesses must disclose that it has excluded charges from the total price before asking for payment. For example, if a business excludes shipping charges from the advertised price, it's required to clearly state the amount and purpose of those charges.

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...]

"The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."

An anonymous reader quotes a report from the Associated Press: The European Union launched a drive on Monday to attract scientists and researchers to Europe with offers of grants and new policy plans, after the Trump administration froze U.S. government funding linked to diversity, equity and inclusion initiatives. "A few years ago, no one would have imagined that one of the biggest democracies in the world would cancel research programs under the pretext that the word diversity was in this program," French President Emmanuel Macron said at the "Choose Europe for Science" event in Paris. "No one would have thought that one of the biggest democracies in the world would delete with a stroke the ability of one researcher or another to obtain visas," Macron said. "But here we are."

Taking the same stage at the Sorbonne University, European Commission President Ursula von der Leyen said that the EU's executive branch would set up a "super grant" program aimed at offering "a longer-term perspective to the very best" in the field. She said that 500 million euros ($566 million) will be put forward in 2025-2027 "to make Europe a magnet for researchers." It would be injected into the European Research Council, which already has a budget of more than 16 billion euros ($18 billion) for 2021-2027.

Von der Leyen said that the 27-nation EU intends "to enshrine freedom of scientific research into law" with a new legal act. As "the threats rise across the world, Europe will not compromise on its principles," she said. Macron said that the French government would also soon make new proposals to beef up investment in science and research. [...] While not mentioning the Trump administration by name, von der Leyen said that it was "a gigantic miscalculation" to undermine free and open research. "We can all agree that science has no passport, no gender, no ethnicity, no political party," she said. "We believe that diversity is an asset of humanity and the lifeblood of science. It is one of the most valuable global assets and it must be protected." Macron said that science and research must not "be based on the diktats of the few."

Macron said that Europe "must become a refuge" for scientists and researchers, and he said to those who feel under threat elsewhere: "The message is simple. If you like freedom, come and help us to remain free, to do research here, to help us become better, to invest in our future."

Further reading:
75% of Scientists in Nature Poll Weigh Leaving US
NASA, Yale, and Stanford Scientists Consider 'Scientific Exile'

America's federal government "is a veritable cosmos of information, made up of constellations of databases," warns the Atlantic. The FBI "has a facial-recognition apparatus capable of matching people against more than 640 million photos — a database made up of driver's license and passport photos, as well as mug shots. The Homeland Security department holds data "about the movements of every person who travels by air commercially". America's Drug Enforcement Administration "tracks license plates scanned on American roads." And there's also every taxpayer's finance and employment history..." Government agencies including the IRS, the FBI, DHS, and the Department of Defense have all purchased cellphone-location data, and possibly collected them too, via secretive groups such as the National Geospatial-Intelligence Agency. That means the government has at least some ability to map or re-create the past everyday movements of some American citizens.
But now the information at individual agencies "is being pooled together. The question is Why? And what does the administration intend to do with it?" A White House spokesperson confirmed to the Atlantic that data collected by different agencies is now being combined. (They said that "Through data sharing between agencies, departments are collaborating to identify fraud and prevent criminals from exploiting hardworking American taxpayers.") But a March executive explicitly stated an aim "to eliminate the data silos that keep everything separate." The article accuses the administration officials of "not just undoing decades of privacy measures. They appear to be ignoring that they were ever written."

The Atlantic spoke with former government officials "who have spent time in these systems," reporting that "to a person, these experts are alarmed about the possibilities for harm, graft, and abuse... Collecting and then assembling data in the industrial way — just to have them in case they might be useful — would represent a huge and disturbing shift for the government..."

"A fragile combination of decades-old laws, norms, and jungly bureaucracy has so far prevented repositories such as these from assembling into a centralized American surveillance state. But that appears to be changing... DOGE has systematically gained access to sensitive data across the federal government "in ways that people in several agencies have described to us as both dangerous and disturbing."

Remember when U.S. National Security Adviser Mike Waltz mistakenly included a journalist in an encrypted chatroom to discuss looming U.S. military action against Yemen's Houthis?

A recent photo of a high-level cabinet meeting caught Waltz using a "less-secure Signal app knockoff," reports the Guardian: The chat app Waltz was using appears to be a modified version of Signal called TM SGNL, made by a company that copies messaging apps but adds an ability to retain messages and archive them. The White House officials may be using the modified Signal in order to comply with the legal requirement that presidential records be preserved... That function suggests the end-to-end encryption that makes Signal trusted for sharing private communications is possibly "not maintained, because the messages can be later retrieved after being stored somewhere else", according to 404 Media.
Thursday the national security adviser was removed from his position, the article points out.

He was instead named America's ambassador to the United Nations.

Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily."

In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead." Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."

Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."

"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."

The U.S. government is seeking to break up Google's advertising technology business after a judge ruled the company holds an illegal monopoly over ad tools for publishers, marking the second such antitrust case following a similar request to divest Chrome. The Guardian reports: "We have a defendant who has found ways to defy" the law, US government lawyer Julia Tarver Wood told a federal court in Virginia, as she urged the judge to dismiss Google's assurance that it would change its behavior. "Leaving a recidivist monopolist" intact was not appropriate to solve the issue, she added. [...] The US government specifically alleged that Google controls the market for publishing banner ads on websites, including those of many creators and small news providers.

The hearing in a Virginia courtroom was scheduled to plan out the second phase of the trial, set for September, in which the parties will argue over how to fix the ad market to satisfy the judge's ruling. The plaintiffs argued in the first phase of the trial last year that the vast majority of websites use Google ad software products which, combined, leave no way for publishers to escape Google's advertising technology and pricing.

The district court judge Leonie Brinkema agreed with most of that reasoning, ruling last month that Google built an illegal monopoly over ad software and tools used by publishers, but partially dismissed the argument related to tools used by advertisers. The US government said it would use the trial to recommend that Google should spin off its ad publisher and exchange operations, as Google could not be trusted to change its ways. "Behavioral remedies are not sufficient because you can't prevent Google from finding a new way to dominate," Tarver Wood said.

Google countered that it would recommend that it agree to a binding commitment that it would share information with advertisers and publishers on its ad tech platforms. Google lawyer Karen Dunn did, however, acknowledge the "trust issues" raised in the case and said the company would accept monitoring to guarantee any commitments made to satisfy the judge. Google is also arguing that calls for divestment are not appropriate in this case, which Brinkema swiftly refused as an argument. The judge urged both sides to mediate, stressing that coming to a compromise solution would be cost-effective and more efficient than running a weeks-long trial.

An anonymous reader quotes a report from the Associated Press: A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app's data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. Ireland's Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.

The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok has "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."

[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers. TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.

"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."

Almost all new homes in England will be fitted with solar panels during construction within two years, the UK government will announce after Keir Starmer rejected Tony Blair's criticism of net zero policies. From a report: Housebuilders will be legally required to install solar panels on the roofs of new properties by 2027 under the plans. The policy is estimated to add between $4,000 and $5,320 to building a home but homeowners would save more than $1,331 on their annual energy bills, according to the Times.

Labour has set a target of building 1.5m homes by the end of the parliament. The party has promised to decarbonise the electricity grid by 2030 and cut household energy bills by $400 a year.

An anonymous reader quotes a report from CBS News: The House of Representatives on Thursday voted to block California from implementing plans to block new sales of gas-powered vehicles in a decade. In a 246-164 vote, members approved House Joint Resolution 88, which seeks to withdraw a waiver granted by the Environmental Protection Agency to California during the Biden administration to implement the ban. Thirty-five Democrats joined 211 Republicans in backing the measure. [...] The House also approved two other measures which withdraw waivers on the state's plans to increase sales of zero-emissions trucks in a 231-191 vote, along with the state's latest nitrogen oxide emission standards for engines in a 225-196 vote.

Following Thursday's vote, Newsom's office issued a statement saying the House illegally used the Congressional Review Act (CRA) to repeal the state's Clean Air Act waivers. The governor's office also said the move contradicts the Government Accountability Office and Senate Parliamentarian who have ruled the CRA does not apply to the state's waivers. "Trump Republicans are hellbent on making California smoggy again. Clean air didn't used to be political. In fact, we can thank Ronald Reagan and Richard Nixon for our decades-old authority to clean our air," Newsom said. "The only thing that's changed is that big polluters and the right-wing propaganda machine have succeeded in buying off the Republican Party -- and now the House is using a tactic that the Senate's own parliamentarian has said is lawless. Our vehicles program helps clean the air for all Californians, and we'll continue defending it." Sen. Alex Padilla (D-California) said in a statement: "House Republicans' misguided and cynical attempts to gut the Clean Air Act and undercut California's climate leadership ignores the reality of California's strength as the fourth largest economy in the world...

... If Senate Republicans take up these measures under the Congressional Review Act, they will be going nuclear by overruling the Parliamentarian, all to baselessly attack California."

An anonymous reader quotes a report from TechCrunch: Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google and WhatsApp, have in recent years also periodically sent such notifications to their users. As of Wednesday, only two people appear to have come forward to reveal they were among those who received the notifications from Apple this week.

One is Ciro Pellegrino, an Italian journalist who works for online news outlet Fanpage. Pellegrino wrote in an article that he received an email and a text message from Apple on Tuesday notifying him that he was targeted with spyware. The message, according to Pellegrino, also said he wasn't the only person targeted. "Today's notification is being sent to affected users in 100 countries," the message read, according to Pellegrino's article. "Did this really happen? Yes, it is not a joke," Pellegrino wrote.

The second person to receive an Apple notification is Eva Vlaardingerbroek, a Dutch right-wing activist, who posted on X on Wednesday. "Apple detected a targeted mercenary spyware attack against your iPhone," the Apple alert said, according to a screenshot shown in a video that Vlaardingerbroek posted on X. "This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning -- please take it seriously." Reacting to the notification, Vlaardingerbroek said that this was an "attempt to intimidate me, an attempt to silence me, obviously."

Alphabet CEO Sundar Pichai told a judge who found that Google illegally monopolizes online search that a Justice Department proposal to share search data with rivals would be a "de facto" divestiture of the company's search engine. From a report: If Google were required to share both its search data and the information on how it ranks results, rivals could reverse engineer "every aspect of our technology," Pichai testified on Wednesday.

"The proposal on data sharing is so far reaching, so extraordinary," Pichai said. It "feels like de facto divestiture of search" and its entire intellectual property and technology over 25 years of research, he said. During testimony in federal court in Washington, Pichai asserted that a package of antitrust remedies proposed by the government is too extreme and will undermine Google's ability to compete in the market.

Microsoft has pledged to take the US government to court if necessary [alternative source] to protect European customers' access to its cloud services, as concerns mount over potential technology disruptions under President Donald Trump. Brad Smith, Microsoft's president and vice-chair, announced five "digital commitments" to Europe on Wednesday, responding to regional anxieties following Trump's temporary suspension of military support to Ukraine.

"We as a company need to be a source of digital stability during a period of geopolitical volatility," Smith said. The commitments include contesting any government order to cease European cloud services through legal channels and establishing European oversight of its continental operations. Microsoft will increase its European data center capacity by 40% over the next two years, expanding in 16 countries with investments of "tens of billions of dollars" annually. The Seattle-based company, which derives more than a quarter of its business from Europe, becomes the first major American tech firm to proactively address European concerns amid escalating trade tensions.

The Karnataka High Court on Tuesday directed India's government to block Switzerland-based email service Proton Mail, citing national security concerns and law enforcement challenges. Justice M Nagaprasanna ordered authorities to initiate proceedings under Section 69A of the Information Technology Act to ban the service, while mandating immediate blocking of "offending URLs" until final decisions are made.

The ruling followed a petition from M Moser Design Associates India, which claimed its female employees were targeted with obscene emails containing "AI-generated deepfake images" sent via Proton Mail. Petitioners argued Proton Mail operates servers outside India, making it inaccessible to law enforcement. The court noted several bomb threats to Indian schools were sent using the service, which has already been banned in Russia and Saudi Arabia. Additional Solicitor General Aravind Kamath, representing the government, said authorities would comply with the court's direction.

Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google. From a report: Google's report said that the number of zero-day exploits -- referring to security flaws that were unknown to the software makers at the time hackers abused them -- had dropped from 98 exploits in 2023 to 75 exploits in 2024.

But the report noted that of the proportion of zero-days that Google could attribute -- meaning identifying the hackers who were responsible for exploiting them -- at least 23 zero-day exploits were linked to government-backed hackers. Among those 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea.

A former Disney employee who hacked into the company's servers to alter its restaurant menus, including falsifying allergen information and printing profane language, has been sentenced to three years in prison. From a report: Michael Scheuer, a Florida resident, was sentenced last week in federal court and ordered to pay nearly $690,000 in restitution, with most of that going to Disney. He pled guilty in January to one count of computer fraud and one count of aggravated identity theft.

"Scheuer remains remorseful and apologetic to his former co-workers. We are grateful that the judge heard all of our arguments and mitigation when fashioning a sentence that was half of what the government was seeking," said David Haas, Scheuer's lawyer, in a statement to CNN.

Scheuer worked as a menu production manager for Disney and was fired last June for misconduct, according to the original complaint. He had access to, and also used, secure internal servers for creating and publishing menus for all of Disney's restaurants as part of his job at the company.

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

IBM announced plans to invest $150 billion in the United States over the next five years, with more than $30 billion earmarked specifically for research and development of mainframes and quantum computing technology. The investment follows similar commitments from tech giants including Apple and Nvidia -- each pledging approximately $500 billion -- in the wake of President Trump's election and tariff threats.

"We have been focused on American jobs and manufacturing since our founding 114 years ago," said IBM CEO Arvind Krishna in a statement. The company currently manufactures its mainframe systems in upstate New York and plans to continue designing and assembling quantum computers domestically. The announcement comes amid challenging circumstances for IBM, which recently saw 15 government contracts shelved under the Trump administration's cost-cutting initiatives.

Further reading: IBM US Cuts May Run Deeper Than Feared - and the Jobs Are Heading To India;
IBM Now Has More Employees In India Than In the US (2017).

"Only the United States, China and Germany have larger economies than California," reports CNN.

In fact, they add that California "outpaced all three countries with growth of 6% last year," according to the California governor's office (which cites new data from the International Monetary Fund and the U.S. Bureau of Economic Analysis): In 2024, California's growth rate of 6% outpaced the top three economies: U.S. (5.3%), China (2.6%) and Germany (2.9%)...

With an increasing state population and recent record-high tourism spending, California is the nation's top state for new business starts, access to venture capital funding, and manufacturing, high-tech, and agriculture. The state drives national economic growth and also sends over $83 billion more to the federal government than it receives in federal funding. California is the leading agricultural producer in the country and is also the center for manufacturing output in the United States, with over 36,000 manufacturing firms employing over 1.1 million Californians.
The data shows that last year California accounted for 14% of America's GDP, CNN points out, "driven by Silicon Valley and its real estate and finance sectors."