An anonymous reader quotes a report from CBC News: Online streaming services operating in Canada will be required to contribute five percent of their Canadian revenues to support the domestic broadcasting system, the country's telecoms regulator said on Tuesday. The money will be used to boost funding for local and Indigenous broadcasting, officials from the Canadian Radio-television and Telecommunications Commission (CRTC) said in a briefing. "Today's decision will help ensure that online streaming services make meaningful contributions to Canadian and Indigenous content," wrote CRTC chief executive and chair Vicky Eatrides in a statement.

The measure was introduced under the auspices of a law passed last year designed to make sure that companies like Netflix make a more significant contribution to Canadian culture. The government says the legislation will ensure that online streaming services promote Canadian music and stories, and support Canadian jobs. Funding will also be directed to French-language content and content created by official language minority communities, as well as content created by equity-deserving groups and Canadians of diverse backgrounds. The release also said that online streaming services will "have some flexibility" to send their revenues to support Canadian television directly. [...]

The measure, which will start in the 2024-2025 broadcasting year, would raise roughly $200 million annually, CRTC officials said. It will only apply to services that are not already affiliated with Canadian broadcasters. The CMPA was among 20 screen organizations from around the world that signed a statement in January asking governments to impose stronger regulations on streaming companies operating in local markets. One of the demands was a measure that would force companies profiting from their presence in those markets to contribute financially to the creation of new local content."We are disappointed by today's decision and concerned by the negative impact it will have on Canadian consumers. We are assessing the decision in full, but this onerous and inflexible financial levy will be harmful to consumer choice," a spokesperson for Prime Video wrote to CBC News in a statement.

An anonymous reader quotes a report from The Register: Billions of records detailing people's personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks' private info. A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It's believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker. The pilfered information is said to include individuals' full names, addresses, and address history going back at least three decades, social security numbers, and people's parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.

Fast forward to this month, and the infosec watchers at VX-Underground say they've not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground's assessment, the 277.1GB file contains nearly three billion records on people who've at least lived in the United States -- so US citizens as well as, say, Canadians and Brits. This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. There is a small silver lining, according to the VX team: "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present." So, we guess this is a good lesson in opting out.

TorrentFreak's Ernesto Van der Sar recalls the rise and fall of Napster, the file-sharing empire that kickstarted a global piracy frenzy 25 years ago. Here's an excerpt from his report: At the end of the nineties, technology and the Internet were a playground for young engineers and 'hackers'. Some of them regularly gathered in the w00w00 IRC chatroom on the EFnet network. This tech-think-tank had many notable members, including WhatsApp founder Jan Koum and Shawn Fanning, who logged on with the nickname Napster. In 1998, 17-year-old Fanning shared an idea with the group. 'Napster' wanted to create a network of computers that could share files with each other. More specifically, a central music database that everyone in the world could access.

This idea never left the mind of the young developer. Fanning stopped going to school and flanked by his friend Sean Parker, devoted the following months to making his vision a reality. That moment came on June 1, 1999, when the first public release of Napster was released online. Soon after, the software went viral. Napster was quickly embraced by millions of users, who saw the software as something magical. It was a gateway for musical exploration, one that dwarfed even the largest record stores in town. And all for free. It sounds mundane today, but some equated it to pure technological sorcery. For many top players in the music industry, Napster's sorcery was pure witchcraft. At the time, manufacturing CDs with high profit margins felt like printing money and Napster's appearance threatened to ruin the party. [...]

At the start of 2001, Napster's user base reached a peak of more than 26.4 million worldwide. Yet, despite huge growth and backing from investors, the small file-sharing empire couldn't overcome the legal challenges. The RIAA lawsuit resulted in an injunction from the Ninth Circuit Court, which ordered the network to shut down. This happened during July 2001, little more than two years after Napster launched. By September that year, the case had been settled for millions of dollars. While the Napster craze was over, file-sharing had mesmerized the masses and the genie was out of the bottle. Grokster, KaZaa, Morpheus, LimeWire, and many others popped up and provided sharing alternatives, for as long as they lasted. Meanwhile, BitTorrent was also knocking on the door. "Napster paved the way for Apple's iTunes store, to serve the demand that was clearly there," notes Ernesto. "This music streaming landscape was largely pioneered by a Napster 'fan' from Sweden, Daniel Ek."

"Like many others, Ek was fascinated by the 'all you can play' experience offered by file-sharing software, and that planted the seeds for the music streaming startup Spotify, where he still serves as CEO today. In fact, Spotify itself used file-sharing technology under the hood to ensure swift playback."

An anonymous reader shares a report: Samsung isn't waiting around for Oura to file any patent claims over its forthcoming smart ring. Instead, it's preemptively filed its own suit against Oura, seeking a "declaratory judgment" that states the Galaxy Ring doesn't infringe on five Oura patents. The suit alleges that Oura has a pattern of filing patent suits against competitors based on "features common to virtually all smart rings." In particular, the suit references sensors, electronics, batteries, and scores based on metrics gathered from sensors. The case lists instances in which Oura sued rivals like Ultrahuman, Circular, and RingConn, sometimes before they even entered the US market. For those reasons, Samsung says in the suit that it anticipates being the target of an Oura suit.

Google has accidentally collected childrens' voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users' deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and security issues obtained by 404 Media. From the report: Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly. Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people's lives.

The data obtained by 404 Media includes privacy and security issues that Google's own employees reported internally. These include issues with Google's own products or data collection practices; vulnerabilities in third party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data. The incidents include everything from a single errant email containing some PII, through to substantial leaks of data, right up to impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018. In one 2016 case, a Google employee reported that Google Street View's systems were transcribing and storing license plate numbers from photos. They explained that Google uses an algorithm to detect text in Street View imagery.

"To save itself, TikTok in 2022 offered the U.S. government an extraordinary deal," reports the Washington Post. The video app, owned by a Chinese company, said it would let federal officials pick its U.S. operation's board of directors, would give the government veto power over each new hire and would pay an American company that contracts with the Defense Department to monitor its source code, according to a copy of the company's proposal. It even offered to give federal officials a kill switch that would shut the app down in the United States if they felt it remained a threat.

The Biden administration, however, went its own way. Officials declined the proposal, forfeiting potential influence over one of the world's most popular apps in favor of a blunter option: a forced-sale law signed last month by President Biden that could lead to TikTok's nationwide ban. The government has never publicly explained why it rejected TikTok's proposal, opting instead for a potentially protracted constitutional battle that many expect to end up before the Supreme Court... But the extent to which the United States evaluated or disregarded TikTok's proposal, known as Project Texas, is likely to be a core point of dispute in court, where TikTok and its owner, ByteDance, are challenging the sale-or-ban law as an "unconstitutional assertion of power."

The episode raises questions over whether the government, when presented with a way to address its concerns, chose instead to back an effort that would see the company sold to an American buyer, even though some of the issues officials have warned about — the opaque influence of its recommendation algorithm, the privacy of user data — probably would still be unresolved under new ownership...

A senior Biden administration official said in a statement that the administration "determined more than a year ago that the solution proposed by the parties at the time would be insufficient to address the serious national security risks presented. While we have consistently engaged with the company about our concerns and potential solutions, it became clear that divestment from its foreign ownership was and remains necessary."
"Since federal officials announced an investigation into TikTok in 2019, the app's user base has doubled to more than 170 million U.S. accounts," according to the article.

It also includes this assessment from Anupam Chander, a Georgetown University law professor who researches international tech policy. "The government had a complete absence of faith in [its] ability to regulate technology platforms, because there might be some vulnerability that might exist somewhere down the line."

"Within less than a minute, I'm approached by a store worker who comes up to me and says, 'You're a thief, you need to leave the store'."

That's a quote from the BBC by a wrongly accused customer who was flagged by a facial-recognition system called Facewatch. "She says after her bag was searched she was led out of the shop, and told she was banned from all stores using the technology."

Facewatch later wrote to her and acknowledged it had made an error — but declined to comment on the incident in the BBC's report: [Facewatch] did say its technology helped to prevent crime and protect frontline workers. Home Bargains, too, declined to comment. It's not just retailers who are turning to the technology... [I]n east London, we joined the police as they positioned a modified white van on the high street. Cameras attached to its roof captured thousands of images of people's faces. If they matched people on a police watchlist, officers would speak to them and potentially arrest them...

On the day we were filming, the Metropolitan Police said they made six arrests with the assistance of the tech... The BBC spoke to several people approached by the police who confirmed that they had been correctly identified by the system — 192 arrests have been made so far this year as a result of it.
Lindsey Chiswick, director of intelligence for the Met, told the BBC that "It takes less than a second for the technology to create a biometric image of a person's face, assess it against the bespoke watchlist and automatically delete it when there is no match."

"That is the correct and acceptable way to do it," writes long-time Slashdot reader Baron_Yam, "without infringing unnecessarily on the freedoms of the average citizen. Just tell me they have appropriate rules, effective oversight, and a penalty system with teeth to catch and punish the inevitable violators."

But one critic of the tech complains to the BBC that everyone scanned automatically joins "a digital police line-up," while the article adds that others "liken the process to a supermarket checkout — where your face becomes a bar code." And "The error count is much higher once someone is actually flagged. One in 40 alerts so far this year has been a false positive..."

Thanks to Slashdot reader Bruce66423 for sharing the article.

How will Apple protect user data while their requests are being processed by AI in applications like Siri?

Long-time Slashdot reader AmiMoJo shared this report from Apple Insider: According to sources of The Information [four different former Apple employees who worked on the project], Apple intends to process data from AI applications inside a virtual black box.

The concept, known as "Apple Chips in Data Centers" internally, would involve only Apple's hardware being used to perform AI processing in the cloud. The idea is that it will control both the hardware and software on its servers, enabling it to design more secure systems. While on-device AI processing is highly private, the initiative could make cloud processing for Apple customers to be similarly secure... By taking control over how data is processed in the cloud, it would make it easier for Apple to implement processes to make a breach much harder to actually happen.

Furthermore, the black box approach would also prevent Apple itself from being able to see the data. As a byproduct, this means it would also be difficult for Apple to hand over any personal data from government or law enforcement data requests.
Processed data from the servers would be stored in Apple's "Secure Enclave" (where the iPhone stores biometric data, encryption keys and passwords), according to the article.

"Doing so means the data can't be seen by other elements of the system, nor Apple itself."

An anonymous reader shared this report from the Washington Post: Twice before, this Virginia carpenter had awoken in the predawn to start his work day only to find one of his vans broken into. Tools he depends on for a living had been stolen, and there was little hope of retrieving them. Determined to shut down thieves, he said, he bought a bunch of Apple AirTags and hid the locator devices in some of his larger tools that hadn't been pilfered. Next time, he figured, he would track them.

It worked.

On Jan. 22, after a third break-in and theft, the carpenter said, he drove around D.C.'s Maryland suburbs for hours, following an intermittent blip on his iPhone, until he arrived at a storage facility in Howard County. He called police, who got a search warrant, and what they found in the locker was far more than just one contractor's nail guns and miter saws.

The storage unit, stuffed with purloined power tools, led detectives to similar caches in other places in the next four months — 12 locations in all, 11 of them in Howard County — and the recovery of about 15,000 saws, drills, sanders, grinders, generators, batteries, air compressors and other portable (meaning easily stealable) construction equipment worth an estimated $3 million to $5 million, authorities said.
Some were stolen as long ago as 2014, a police spokesperson told the Washington Post, coming from "hundreds if not thousands" of victims...

The Affordable Connectivity Program (ACP), which provided monthly internet bill credits for low-income Americans, will officially end on June 1 due to a lack of additional funding from Congress. This termination threatens nearly 60 million Americans with increased financial hardship, as the program's lapse leaves them without the subsidies that made internet access affordable. CNN reports: The 2.5-year-old ACP provided eligible low-income Americans with a monthly credit off their internet bills, worth up to $30 per month and as much as $75 per month for households on tribal lands. The pandemic-era program was a hit with members of both political parties and served tens of millions of seniors, veterans and rural and urban Americans alike. Program participants received only partial benefits in May ahead of the ACP's expected collapse. [...]

On Friday, Biden reiterated his calls for Congress to pass legislation extending the ACP. He also announced a series of voluntary commitments by a handful of internet providers to offer -- or continue offering -- their own proprietary low-income internet plans. The list includes AT&T, Comcast, Cox, Charter's Spectrum and Verizon, among others. Those providers will continue to offer qualifying ACP households a broadband plan for $30 or less, the White House said, and together the companies are expected to cover roughly 10 million of the 23 million households relying on the ACP. "The Affordable Connectivity Program filled an important gap that provider low-income programs, state and local affordability programs, and the Lifeline program cannot fully address," said FCC Chairwoman Jessica Rosenworcel in a statement, referring to the name of another, similar FCC program that subsidizes wireless and home internet service. "The Commission is available to provide any assistance Congress may need to support funding the ACP in the future and stands ready to resume the program if additional funding is provided."

An anonymous reader quotes a report from the BBC: Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers. They belong to the same gang which this week claimed to have hacked Ticketmaster. The bank -- which employs 200,000 people worldwide, including around 20,000 in the UK -- has confirmed data has been stolen. Santander has apologized for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly."

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month. "No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords." It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum -- first spotted by researchers at Dark Web Informer- the group calling themselves ShinyHunters posted an advert saying they had data including: 30 million people's bank account details, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff. Santander has not commented on the accuracy of those claims.

Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19 after a threat actor breached the company's website, stealing the Fanzone member information of 500,000 customers. BleepingComputer reports: [A] threat actor known as 'Ghostr' told us they hacked the company's Fanzone website on May 18 and downloaded its linked databases. Cooler Master's Fanzone site is used to register a product's warranty, request an RMA, or open support tickets, requiring customers to fill in personal data, such as names, email addresses, addresses, phone numbers, birth dates, and physical addresses. Ghostr said they were able to download 103 GB of data during the Fanzone breach, including the customer information of over 500,000 customers.

The threat actor also shared data samples, allowing BleepingComputer to confirm with numerous customers listed in the breach that their data was accurate and that they recently requested support or an RMA from Cooler Master. Other data in the samples included product information, employee information, and information regarding emails with vendors. The threat actor claimed to have partial credit card information, but BleepingComputer could not find this data in the data samples. The threat actor now says they will sell the leaked data on hacking forums but has not disclosed the price. Cooler Master said in a statement to BleepingComputer: "We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process."

Apple prioritizes device durability over easier repairs, according to John Ternus, the company's head of hardware engineering, in a recent interview with YouTuber MKBHD. "It's objectively better for the customer to have that reliability," Ternus stated, adding that it is "ultimately better for the planet" due to significantly lower failure rates. Apple tests over 10,000 units of each product before release and incorporates real-world concerns into its testing suite.

An anonymous reader quotes a report from Ars Technica: Yesterday, Amazon failed to convince a US district court to dismiss the Federal Trade Commission's lawsuit targeting the tech giant's alleged history of tricking people into signing up for Prime. The FTC has alleged that Amazon "tricked, coerced, and manipulated consumers into subscribing to Amazon Prime," a court order said, failing to get informed consent by designing a murky sign-up process. And to keep subscriptions high, Amazon also "did not provide simple mechanisms for these subscribers to cancel their Prime memberships," the FTC alleged. Instead, Amazon forced "consumers intending to cancel to navigate a four-page, six-click, fifteen-option cancellation process." In their motion to dismiss, Amazon outright disputed these characterizations of its business, insisting its enrollment process was clear, its cancellation process was simple, and none of its executives could be held responsible for failing to fix these processes when "accidental" sign-ups became widespread. Amazon defended its current practices, arguing that some of its Prime disclosures "align with practices that the FTC encourages in its guidance documents." But the judge apparently did not find Amazon's denials completely persuasive. Viewing the FTC's complaint "in the light most favorable to the FTC," Judge John Chun concluded that "the allegations sufficiently indicate that Amazon had actual or constructive knowledge that its Prime sign-up and cancellation flows were misleading consumers."

In his order (PDF), Chun also denied individual motions to dismiss from Amazon executives Russell Grandinetti, Neil Lindsay, and Jamil Ghani, who oversaw Prime operations. Executives had urged the court to dismiss the FTC's claims against them. They argued that the FTC "singled them out 'for an 'unprecedented sanction'" when the agency had "only recently started prosecuting companies for using 'dark patterns'" under Restore Online Shoppers' Confidence Act (ROSCA) and the FTC Act. They claimed that the FTC never alerted them to any wrongdoing before filing the lawsuit, so how could they have known they were violating the law? According to Chun, however, the FTC sufficiently alleged that each of these executives knew they were violating consumer protection laws when prioritizing profits over eliminating dark patterns triggering "accidental" or "nonconsensual" Prime sign-ups. Chun explained that executives may be "personally liable for corporate violations of the FTC Act if the individual 'participated directly in, or had the authority to control, the unlawful acts or practices at issue.'"

For example, when Lindsay -- who in 2016 had the "most responsibility for the Prime subscription program" -- was "asked about Amazon's use of dark patterns during the Prime enrollment process," Lindsay justified the dark patterns. "Lindsay explained that once consumers become Prime members -- even unknowingly -- they will see what a great program it is and remain members, so Amazon is 'okay' with the situation," Chun's order said. And when Grandinetti, who "oversaw the Prime subscription program" in 2018, was told that the sign-up process and auto-renew feature frustrated customers, he "vetoed any changes that would reduce enrollment." Because executives seemingly prioritized profits over reducing customer friction, the FTC alleged that reasonable customers got sucked into Prime without their consent. Sometimes customers understandably got confused by the "discrepancy in size, location, and color" of Amazon's disclosures, Chun suggested. Other times, confusion struck when Amazon tried to upsell customers on Prime at checkout -- pairing their enrollment with their other shopping experience.

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."

The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster-Live Nation, compromising the personal data more than half a billion users. "This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000," reports Hackread. From the report: ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. The hacker group's bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.

Former FTX executive Ryan Salame has been sentenced to more than seven years in prison, "the first of the lieutenants of failed cryptocurrency mogul Sam Bankman-Fried to receive jail time for their roles in the 2022 collapse of the cryptocurrency exchange," reports the Associated Press. From the report: Salame, 30, was a high-ranking executive at FTX for most of the exchange's existence and, up until its collapse, was the co-CEO of FTX Digital Markets. He pleaded guilty last year to illegally making unlawful U.S. campaign contributions and to operating an unlicensed money-transmitting business. The sentence of 7 1/2 years in prison, plus three years of supervised release, was more than the five to seven years prosecutors had asked Judge Lewis A. Kaplan to impose on Salame in their pre-sentencing memo.

While Salame was a high-level executive at FTX, he was not a major part of the government's case against Bankman-Fried at his trial earlier this year and did not testify against him. In a bid for leniency, Salame said during the sentencing hearing that he cooperated and even provided documents that aided prosecutors in their cross examination of Bankman-Fried, as well as in his own prosecution. Along with helping Bankman-Fried hide the holes in FTX's balance sheet that ultimately led to the exchange's failure, Salame was used as a conduit for Bankman-Fried to make illegal campaign contributions to help shape U.S. policy on cryptocurrencies. On the surface, Bankman-Fried mostly gave political contributions to Democrats and liberal-leaning causes, while Salame gave contributions to Republicans and right-leaning causes. But ultimately the funds that Salame used for those contributions came from Bankman-Fried.

The judge also chastised Salame for pulling $5 million in cryptocurrencies out of FTX as the exchange was failing. "You tried to withdraw tens of millions more," Kaplan said. "It was me first. I'm getting in the lifeboat first. To heck with all those customers."

An anonymous reader quotes a report from the New York Times: The defense lawyer minced no words as he addressed a room full of plastic-industry executives. Prepare for a wave of lawsuits with potentially "astronomical" costs. Speaking at a conference earlier this year, the lawyer, Brian Gross, said the coming litigation could "dwarf anything related to asbestos," one of the most sprawling corporate-liability battles in United States history. Mr. Gross was referring to PFAS, the "forever chemicals" that have emerged as one of the major pollution issues of our time. Used for decades in countless everyday objects -- cosmetics, takeout containers, frying pans -- PFAS have been linked to serious health risks including cancer. Last month the federal government said several types of PFAS must be removed from the drinking water of hundreds of millions of Americans. "Do what you can, while you can, before you get sued," Mr. Gross said at the February session, according to a recording of the event made by a participant and examined by The New York Times. "Review any marketing materials or other communications that you've had with your customers, with your suppliers, see whether there's anything in those documents that's problematic to your defense," he said. "Weed out people and find the right witness to represent your company."

A wide swath of the chemicals, plastics and related industries are gearing up to fight a surge in litigation related to PFAS, or per- and polyfluoroalkyl substances, a class of nearly 15,000 versatile synthetic chemicals linked to serious health problems. [...] PFAS-related lawsuits have already targeted manufacturers in the United States, including DuPont, its spinoff Chemours, and 3M. Last year, 3M agreed to pay at least $10 billion to water utilities across the United States that had sought compensation for cleanup costs. Thirty state attorneys general have also sued PFAS manufacturers, accusing the manufacturers of widespread contamination. But experts say the legal battle is just beginning. Under increasing scrutiny are a wider universe of companies that use PFAS in their products. This month, plaintiffs filed a class-action lawsuit against Bic, accusing the razor company for failing to disclose that some of its razors contained PFAS. Bic said it doesn't comment on pending litigation, and said it had a longstanding commitment to safety.

The Biden administration has moved to regulate the chemicals, for the first time requiring municipal water systems to remove six types of PFAS. Last month, the Environmental Protection Agency also designated two of those PFAS chemicals as hazardous substances under the Superfund law, shifting responsibility for their cleanup at contaminated sites from taxpayers to polluters. Both rules are expected to prompt a new round of litigation from water utilities, local communities and others suing for cleanup costs. "To say that the floodgates are opening is an understatement," said Emily M. Lamond, an attorney who focuses on environmental litigation at the law firm Cole Schotz. "Take tobacco, asbestos, MTBE, combine them, and I think we're still going to see more PFAS-related litigation," she said, referring to methyl tert-butyl ether, a former harmful gasoline additive that contaminated drinking water. Together, the trio led to claims totaling hundreds of billions of dollars. Unlike tobacco, used by only a subset of the public, "pretty much every one of us in the United States is walking around with PFAS in our bodies," said Erik Olson, senior strategic director for environmental health at the Natural Resources Defense Council. "And we're being exposed without our knowledge or consent, often by industries that knew how dangerous the chemicals were, and failed to disclose that," he said. "That's a formula for really significant liability."

An anonymous reader quotes a report from Ars Technica: Some of the most infamous so-called shadow libraries have increasingly faced legal pressure to either stop pirating books or risk being shut down or driven to the dark web. Among the biggest targets are Z-Library, which the US Department of Justice has charged with criminal copyright infringement, and Library Genesis (Libgen), which was sued by textbook publishers last fall for allegedly distributing digital copies of copyrighted works "on a massive scale in willful violation" of copyright laws. But now these shadow libraries and others accused of spurning copyrights have seemingly found an unlikely defender in Nvidia, the AI chipmaker among those profiting most from the recent AI boom.

Nvidia seemed to defend the shadow libraries as a valid source of information online when responding to a lawsuit from book authors over the list of data repositories that were scraped to create the Books3 dataset used to train Nvidia's AI platform NeMo. That list includes some of the most "notorious" shadow libraries -- Bibliotik, Z-Library (Z-Lib), Libgen, Sci-Hub, and Anna's Archive, authors argued. However, Nvidia hopes to invalidate authors' copyright claims partly by denying that any of these controversial websites should even be considered shadow libraries.

"Nvidia denies the characterization of the listed data repositories as 'shadow libraries' and denies that hosting data in or distributing data from the data repositories necessarily violates the US Copyright Act," Nvidia's court filing said. The chipmaker did not go into further detail to define what counts as a shadow library or what potentially absolves these controversial sites from key copyright concerns raised by various ongoing lawsuits. Instead, Nvidia kept its response brief while also curtly disputing authors' petition for class-action status and defending its AI training methods as fair use. "Nvidia denies that it has improperly used or copied the alleged works," the court filing said, arguing that "training is a highly transformative process that may include adjusting numerical parameters including 'weights,' and that outputs of an LLM may be based, at least in part, on such 'weights.'" "Nvidia's argument likely depends on the court agreeing that AI models ingesting published works in order to transform those works into weights governing AI outputs is fair use," notes Ars. "However, authors have argued that 'these weights are entirely and uniquely derived from the protected expression in the training dataset' that has been copied without getting authors' consent or providing authors with compensation."

"Authors suing Nvidia have taken the next step, linking the chipmaker to shadow libraries by arguing that 'these shadow libraries have long been of interest to the AI-training community because they host and distribute vast quantities of unlicensed copyrighted material. For that reason, these shadow libraries also violate the US Copyright Act.'"

An anonymous reader quotes a report from Wired: Two years ago when "Michael," an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down. Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool called TrueCrypt. At some point, that file got corrupted and Michael lost access to the 20-character password he had generated to secure his 43.6 BTC (worth a total of about [...] $5,300, in 2013). Michael used the RoboForm password manager to generate the password but did not store it in his manager. He worried that someone would hack his computer and obtain the password. "At [that] time, I was really paranoid with my security," he laughs.

Grand is a famed hardware hacker who in 2022 helped another crypto wallet owner recover access to $2 million in cryptocurrencyhe thought he'd lost forever after forgetting the PIN to his Trezor wallet. Since then, dozens of people have contacted Grand to help them recover their treasure. But Grand, known by the hacker handle "Kingpin," turns down most of them, for various reasons. Grand is an electrical engineer who began hacking computing hardware at age 10 and in 2008 cohosted the Discovery Channel's Prototype This show. He now consults with companies that build complex digital systems to help them understand how hardware hackers like him might subvert their systems. He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password. But Michael stored his cryptocurrency in a software-based wallet, which meant none of Grand's hardware skills were relevant this time. [...] Michael contacted multiple people who specialize in cracking cryptography; they all told him "there's no chance" of retrieving his money. But last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.

Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version -- and subsequent versions until 2015 -- did indeed have a significant flaw that made the random number generator not so random. The RoboForm program unwisely tied the random passwords it generated to the date and time on the user's computer -- it determined the computer's date and time, and then generated passwords that were predictable. If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past. [...] There was one problem: Michael couldn't remember when he created the password. According to the log on his software wallet, Michael moved bitcoin into his wallet for the first time on April 14, 2013. But he couldn't remember if he generated the password the same day or some time before or after this. So, looking at the parameters of other passwords he generated using RoboForm, Grand and Bruno configured RoboForm to generate 20-character passwords with upper- and lower-case letters, numbers, and eight special characters from March 1 to April 20, 2013. It failed to generate the right password. [...] Instead, they revealed that they had finally found the correct password -- no special characters. It was generated on May 15, 2013, at 4:10:40 pm GMT.