United States

A Breakthrough Online Privacy Proposal Hits Congress (wired.com) 27

An anonymous reader quotes a report from Wired: Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new proposal on Sunday. The bipartisan proposal, titled the American Privacy Rights Act, or APRA, would limit the types of consumer data that companies can collect, retain, and use, allowing solely what they'd need to operate their services. Users would also be allowed to opt out of targeted advertising, and have the ability to view, correct, delete, and download their data from online services. The proposal would also create a national registry of data brokers, and force those companies to allow users to opt out of having their data sold. [...] In an interview with The Spokesman Review on Sunday, [Cathy McMorris Rodgers, House Energy and Commerce Committee chair] claimed that the draft's language is stronger than any active laws, seemingly as an attempt to assuage the concerns of Democrats who have long fought attempts to preempt preexisting state-level protections. APRA does allow states to pass their own privacy laws related to civil rights and consumer protections, among other exceptions.

In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Maria Cantwell, Senate Commerce Committee chair, refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn't been reintroduced, but APRA was designed as a compromise. "I think we have threaded a very important needle here," Cantwell told The Spokesman Review. "We are preserving those standards that California and Illinois and Washington have."

APRA includes language from California's landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law. The categories of data that would be impacted by APRA include certain categories of "information that identifies or is linked or reasonably linkable to an individual or device," according to a Senate Commerce Committee summary of the legislation. Small businesses -- those with $40 million or less in annual revenue and limited data collection -- would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and "entities working on behalf of governments" are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, "fraud-fighting" nonprofits. Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft "very strong" in a Sunday statement, but said he wanted to "strengthen" it with tighter child safety provisions.

Cellphones

Feds Finally Decide To Do Something About Years-Old SS7 Spy Holes In Phone Networks 32

Jessica Lyons reports via The Register: The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices. At issue are the Signaling System Number 7 (SS7) and Diameter protocols, which are used by fixed and mobile network operators to enable interconnection between networks. They are part of the glue that holds today's telecommunications together. According to the US watchdog and some lawmakers, both protocols include security weaknesses that leave folks vulnerable to unwanted snooping. SS7's problems have been known about for years and years, as far back as at least 2008, and we wrote about them in 2010 and 2014, for instance. Little has been done to address these exploitable shortcomings.

SS7, which was developed in the mid-1970s, can potentially be abused to track people's phones' locations; redirect calls and text messages so that info can be intercepted; and spy on users. The Diameter protocol was developed in the late 1990s and includes support for network access and IP mobility in local and roaming calls and messages. It does not, however, encrypt originating IP addresses during transport, which makes it easier for miscreants to carry out network spoofing attacks. "As coverage expands, and more networks and participants are introduced, the opportunity for a bad actor to exploit SS7 and Diameter has increased," according to the FCC [PDF].

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and -- if known -- the attacker's identity. This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking. Interested parties have until April 26 to submit comments, and then the FCC has a month to respond.

Power

Are State Governments Slowing the Build-Out of America's EV Charging Stations? (msn.com) 120

In November of 2021 America passed a "Bipartisan Infrastructure Law" which included $7.5 billion for up to 20,000 EV charging spots, or around 5,000 stations, notes the Washington Post (citing an analysis from the EV policy analyst group Atlas Public Policy).

And new stations are now already open in Hawaii, New York, Ohio and Pennsylvania, "and under construction in four other states. Twelve additional states have awarded contracts for constructing the charging stations." A White House spokesperson said America should reach its goal of 500,000 charging stations by 2026.

So why is it that right now — more than two years after the bill's passage — the Federal Highway System says the program has so far only delivered seven open charging stations with a total of 38 charging spots? Nick Nigro, founder of Atlas Public Policy, said that some of the delays are to be expected. "State transportation agencies are the recipients of the money," he said. "Nearly all of them had no experience deploying electric vehicle charging stations before this law was enacted." Nigro says that the process — states have to submit plans to the Biden administration for approval, solicit bids on the work, and then award funds — has taken much of the first two years since the funding was approved. "I expect it to go much faster in 2024," he added.

"We are building a national EV charging network from scratch, and we want to get it right," a spokesperson for the Federal Highway Administration said in an email. "After developing program guidance and partnering with states to guide implementation plans, we are hitting our stride as states move quickly to bring National Electric Vehicle Infrastructure stations online...."

Part of the slow rollout is that the new chargers are expected to be held to much higher standards than previous generations of fast chargers. The United States currently has close to 10,000 "fast" charging stations in the country, of which over 2,000 are Tesla Superchargers, according to the Department of Energy. Tesla Superchargers — some of which have been opened to drivers of other vehicles — are the most reliable fast-charging systems in the country. But many non-Tesla fast chargers have a reputation for poor performance and sketchy reliability. EV advocates have criticized Electrify America, the company created by Volkswagen after the company's "Dieselgate" emissions scandal, for spending hundreds of millions of dollars on chargers that don't work well. The company has said they are working to improve reliability. The data analytics company J.D. Power has estimated that only 80 percent of all charging attempts in the country are successful.

Biden administration guidance requires the new publicly funded chargers to be operational 97% of the time, provide 150kW of power at each charger, and be no more than one mile from the interstate, among many other requirements. EV policy experts say those requirements are critical to building a good nationwide charging program — but also slow down the build-out of the chargers. "This funding comes with dozens of rules and requirements," Laska said. "That is the nature of what we're trying to accomplish....

"States are just not operating with the same urgency that some of the rest of us are."

The article notes that private companies are also building charging stations — but the publicly-funded spots would increase America's car-charging capacity by around 50 percent, "a crucial step to alleviating 'range anxiety' and helping Americans shift into battery electric cars.

"States just have to build them first."

Biotech

Across the Nation, Lawmakers Aim To Ban Lab-Grown Meat (insideclimatenews.org) 428

An anonymous reader quotes a report from Inside Climate News: Months in jail and thousands of dollars in fines and legal fees -- those are the consequences Alabamians and Arizonans could soon face for selling cell-cultured meat products that could cut into the profits of ranchers, farmers and meatpackers in each state. State legislators from Florida to Arizona are seeking to ban meat grown from animal cells in labs, citing a "war on our ranching" and a need to protect the agriculture industry from efforts to reduce the consumption of animal protein, thereby reducing the high volume of climate-warming methane emissions the sector emits. Agriculture accounts for about 11 percent of the country's greenhouse gas emissions, according to federal data, with livestock such as cattle making up a quarter of those emissions, predominantly from their burps, which release methane -- a potent greenhouse gas that's roughly 80 times more effective at warming the atmosphere than carbon dioxide over 20 years. Globally, agriculture accounts for about 37 percent of methane emissions.

For years, climate activists have been calling for more scrutiny and regulation of emissions from the agricultural sector and for nations to reduce their consumption of meat and dairy products due to their climate impacts. Last year, over 150 countries pledged to voluntarily cut emissions from food and agriculture at the United Nations' annual climate summit. But the industry has avoided increased regulation and pushed back against efforts to decrease the consumption of meat, with help from local and state governments across the U.S.

Bills in Alabama, Arizona, Florida and Tennessee are just the latest legislation passed in statehouses across the U.S. that have targeted cell-cultured meat, which is produced by taking a sample of an animal's muscle cells and growing them into edible products in a lab. Sixteen states -- Alabama, Arkansas, Georgia, Kansas, Kentucky, Louisiana, Maine, Mississippi, Missouri, Montana, North Dakota, Oklahoma, South Carolina, South Dakota, Texas and Wyoming -- have passed laws addressing the use of the word "meat" in such products' packaging, according to the National Agricultural Law Center at the University of Arkansas, with some prohibiting cell-cultured, plant-based or insect-based food products from being labeled as meat.

Open Source

'Linux Foundation Energy' Partners With US Government on Interoperability of America's EV Charging (substack.com) 21

The non-profit Linux Foundation Energy hopes to develop energy-sector solutions (including standards, specifications, and software) supporting rapid decarbonization by collaborating with industry stakeholders.

And now they're involved in a new partnership with America's Joint Office of Energy — which facilitates collaboration between the federal Department of Energy and its Department of Transportation. The partnership's goal? To "build open-source software tools to support communications between EV charging infrastructure and other systems."

The Buildout reports: The partnership and effort — known as "Project EVerest" — is part of the administration's full-court press to improve the charging experience for EV owners as the industry's nationwide buildout hits full stride. "Project EVerest will be a game changer for reliability and interoperability for EV charging," Gabe Klein, executive director of the administration's Joint Office of Energy and Transportation, said yesterday in a post on social media....

Administration officials said that a key driver of the move to institute broad standards for software is to move beyond an era of unreliable and disparate EV charging services throughout the U.S. Dr. K. Shankari, a principal software architect at the Joint Office of Energy and Transportation, said that local and state governments now working to build out EV charging infrastructure could include a requirement that bidding contractors adhere to Project EVerest standards. That, in turn, could have a profound impact on providers of EV charging stations and services by requiring them to adapt to open source standards or lose the opportunity to bid on public projects. Charging availability and reliability are consistently mentioned as key turnoffs for potential EV buyers who want the infrastructure to be ready, easy, and consistent to use before making the move away from gas cars.

Specifically, the new project will aim to create what's known as an open source reference implementation for EV charging infrastructure — a set of standards that will be open to developers who are building applications and back-end software... And, because the software will be available for any company, organization, or developer to use, it will allow the creation of new EV infrastructure software at all levels without software writers having to start from scratch. "LF Energy exists to build the shared technology investment that the entire industry can build on top of," said Alex Thompson of LF Energy during the web conference. "You don't want to be re-inventing the wheel."

The tools will help communication between charging stations (and adjacent chargers), as well as vehicles and batteries, user interfaces and mobile devices, and even backend payment systems or power grids. An announcement from the Joint Office of Energy and Transportation says this software stack "will reduce instances of incompatibility resulting from proprietary systems, ultimately making charging more reliable for EV drivers." "The Joint Office is paving the way for innovation by partnering with an open-source foundation to address the needs of industry and consumers with technical tools that support reliable, safe and interoperable EV charging," said Sarah Hipel, Standards and Reliability Program Manager at the Joint Office.... With this collaborative development model, EVerest will speed up the adoption of EVs and decarbonization of transportation in the United States by accelerating charger development and deployment, increasing customizability, and ensuring high levels of security for the nation's growing network.

Linux Foundation Energy adds that reliable charging "is key to ensuring that anyone can confidently choose to ride or drive electric," predicting it will increase customizability for different use cases while offering long-term maintainability, avoiding vendor lock-in, and ensuring high levels of security. This is a pioneering example of the federal government collaborating to deploy code into an open source project...

"The EVerest project has been demonstrated in pilots around the world to make EV charging far more reliable and reduces the friction and frustration EV drivers have experienced when a charger fails to work or is not continually maintained," said LF Energy Executive Director Alex Thornton. "We look forward to partnering with the Joint Office to create a robust firmware stack that will stand the test of time, and be maintained by an active and growing global community to ensure the nation's charging infrastructure meets the needs of a growing fleet of electric vehicles today and into the future."

Thanks to Slashdot reader ElectricVs for sharing the article.

Crime

Ex-CIA Software Engineer Sentenced To 40 Years For Giving Secrets To WikiLeaks (theguardian.com) 147

Joshua Schulte, a former CIA software engineer, was sentenced to 40 years in prison on Thursday for carrying out the largest theft of classified information in the agency's history and possessing child pornography. The Guardian reports: The 40-year sentence by US district judge Jesse Furman was for "crimes of espionage, computer hacking, contempt of court, making false statements to the FBI, and child pornography," federal prosecutors said in a statement. The judge did not impose a life sentence as sought by prosecutors. Joshua Schulte was convicted in July 2022 on four counts each of espionage and computer hacking and one count of lying to FBI agents, after giving classified materials to the whistleblowing agency WikiLeaks in the so-called Vault 7 leak. Last August, a judge mostly upheld the conviction.

WikiLeaks in March 2017 began publishing the materials, which concerned how the CIA surveilled foreign governments, alleged extremists and others by compromising their electronics and computer networks. Prosecutors characterized Schulte's actions as "the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information" in US history. Prosecutors also said Schulte received thousands of images and videos of child sexual abuse, and that they found the material in Schulte's New York apartment, in an encrypted container beneath three layers of password protection, during the CIA leaks investigation.

United States

FEMA Will Pay States To Install Solar Panels and Heat Pumps (theverge.com) 106

The Federal Emergency Management Agency (FEMA) announced today that it'll start reimbursing local governments for installing solar panels and more efficient appliances after a disaster strikes. From a report: The move can help communities prepare for another calamity by equipping them with tools that just might keep the lights on when they would otherwise suffer a power outage. It's also a way for the US to deploy technologies that cut greenhouse gas emissions and stave off worsening climate disasters like storms, heatwaves, and wildfires.

[...] This is the first time FEMA is funding "net-zero energy projects, including solar, heat pumps and efficient appliances" through its biggest grant program, called Public Assistance. It's available to communities recovering from a major event that the president has declared an emergency or disaster. Under the program, FEMA reimburses state, tribal, territorial, and local governments 75 percent of the cost of eligible recovery efforts. That's typically been to pay for "emergency protective measures," debris removal, and to rebuild public infrastructure.

Google

Governments Spying on Apple, Google Users Through Push Notifications (reuters.com) 33

Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. From a report: In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones. Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. [...] That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said.

He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying. In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

Cloud

How Amazon Is Going After Microsoft's Cloud Computing Ambitions (bloomberg.com) 11

Amazon is the driving force behind a trio of advocacy groups working to thwart Microsoft's growing ambition to become a major cloud computing contractor for governments, a Bloomberg analysis shows. From the report: The groups -- the Cloud Infrastructure Services Providers in Europe (CISPE), the Coalition for Fair Software Licensing and the Alliance for Digital Innovation -- want to convince policymakers that Microsoft has improperly locked customers into Azure, its cloud computing service, choking off its rivals and hindering the advancement of technology within the government and beyond. These groups have dozens of members. But Amazon is the biggest funder for two of them and the largest company, measured by revenue, that funds another.

Spokespeople for the groups say no single company determines their agendas. But according to a Bloomberg News review of tax filings, documents and interviews with people familiar with the three groups' operations, Amazon Web Services plays a direct role in shaping their efforts in ways that would boost the cloud giant. Through aggressive lobbying of policymakers, these groups want to ensure that customers can use popular Microsoft products like Office Suite or Windows on any cloud computing system -- and, in particular, on Amazon Web Services, the world's number one cloud infrastructure provider and the retail giant's top profit driver.

To hammer that message, they've filed complaints, lobbied regulators and sought to shape the views of policymakers probing the cloud market. In one case, an Amazon executive is listed as the author of a public comment to the Federal Trade Commission, as well as testimony and letters to Congress on behalf of the group, according to an analysis of the documents' metadata, revealing the tech giant's role in the lobbying campaign. (The group says the documents reflect the consensus position of its members.) Amazon denied it authored statements for the group.

AI

Former President Obama Warns 'Disruptive' AI May Require Rethinking Jobs and the Economy (theverge.com) 151

This week the Verge's podcast Decoder interviewed former U.S. president Barack Obama for a discussion on "AI, free speech, and the future of the internet."

Obama warns that future copyright questions are just part of a larger issue. "If AI turns out to be as pervasive and as powerful as its proponents expect — and I have to say the more I look into it, I think it is going to be that disruptive — we are going to have to think about not just intellectual property; we are going to have to think about jobs and the economy differently."

Specific issues may include the length of the work week and the fact that health insurance coverage is currently tied to employment — but it goes far beyond that: The broader question is going to be what happens when 10% of existing jobs now definitively can be done by some large language model or other variant of AI? And are we going to have to reexamine how we educate our kids and what jobs are going to be available...?

The truth of the matter is that during my presidency, there was I think a little bit of naivete, where people would say, you know, "The answer to lifting people out of poverty and making sure they have high enough wages is we're going to retrain them and we're going to educate them, and they should all become coders, because that's the future." Well, if AI's coding better than all but the very best coders? If ChatGPT can generate a research memo better than the third-, fourth-year associate — maybe not the partner, who's got a particular expertise or judgment? — now what are you telling young people coming up?

While Obama believes in the transformative potential of AI, "we have to be maybe a little more intentional about how our democracies interact with what is primarily being generated out of the private sector. What rules of the road are we setting up, and how can we make sure that we maximize the good and maybe minimize some of the bad?"

AI's impact will be a global problem, Obama believes, which may require "cross-border frameworks and standards and norms". (He expressed a hope that governments can educate the public on the idea that AI is "a tool, not a buddy".) During the 44-minute interview Obama predicted AI will ultimately force a "much more robust" public conversation about rules needed for social media — and that at least some of that pressure could come from how consumers interact with companies. (Obama also argues there will still be a market for products that don't just show you what you want to see.)

"One of Obama's worries is that the government needs insight and expertise to properly regulate AI," writes the Verge's editor-in-chief in an article about the interview, "and you'll hear him make a pitch for why people with that expertise should take a tour of duty in the government to make sure we get these things right." You'll hear me get excited about a case called Red Lion Broadcasting v. FCC, a 1969 Supreme Court decision that said the government could impose something called the Fairness Doctrine on radio and television broadcasters because the public owns the airwaves and can thus impose requirements on how they're used. There's no similar framework for cable TV or the internet, which don't use public airwaves, and that makes them much harder, if not impossible, to regulate. Obama says he disagrees with the idea that social networks are something called "common carriers" that have to distribute all information equally.
Obama also applauded last month's newly-issued Executive Order from the White House, a hundred-page document which Obama calls important as "the beginning of building out a framework." We don't know all the problems that are going to arise out of this. We don't know all the promising potential of AI, but we're starting to put together the foundations for what we hope will be a smart framework for dealing with it... In talking to the companies themselves, they will acknowledge that their safety protocols and their testing regimens may not be where they need to be yet. I think it's entirely appropriate for us to plant a flag and say, "All right, frontier companies, you need to disclose what your safety protocols are to make sure that we don't have rogue programs going off and hacking into our financial system," for example. Tell us what tests you're using. Make sure that we have some independent verification that right now this stuff is working.

But that framework can't be a fixed framework. These models are developing so quickly that oversight and any regulatory framework is going to have to be flexible, and it's going to have to be nimble.

China

US House Panel Seeks Ban On Federal Purchases of China Drones (reuters.com) 33

David Shepardson reports via Reuters: The top members of a U.S. House committee on China are introducing a bill that seeks to ban the U.S. government from buying Chinese drones. Mike Gallagher, the Republican chair of the committee, and Raja Krishnamoorthi, the ranking Democrat, are introducing the "American Security Drone Act" on Wednesday, the lawmakers said in a statement to Reuters. "This bill would prohibit the federal government from using American taxpayer dollars to purchase this equipment from countries like China," Gallagher said. "It is imperative that Congress pass this bipartisan bill to protect U.S. interests and our national security supply chain."

The bill would also bar local and state governments from purchasing Chinese drones using federal grants and require a federal report detailing the amount of foreign commercial off-the-shelf drones and covered unmanned aircraft systems procured by federal departments and agencies from China. Krishnamoorthi said the bill "helps protect against any vulnerabilities posed by our government agencies' reliance on foreign-manufactured drone technology and will encourage growth in the U.S. drone industry."

Separately, the U.S. Senate on Tuesday unanimously approved an amendment proposed by Republican Senator Marsha Blackburn and Democrat Mark Warner that would prohibit the Federal Aviation Administration (FAA) from operating or providing federal funds for drones produced in China, Russia, Iran, North Korea, Venezuela or Cuba. "Taxpayer dollars should never fund drones manufactured in regions that are hostile toward our nation," Blackburn said. China recently announced export controls on some drones and drone-related equipment, saying it wanted to safeguard "national security and interests."
The U.S. Commerce Department in 2020 added dozens of Chinese companies to a trade blacklist, including the country's top chipmaker SMIC and Chinese drone giant DJI.

United States

21 Species Moved From 'Endangered' to 'Extinct' in America (cbsnews.com) 34

Nearly two dozen species are being taken off America's endangered species list, reports CBS News, "because they are extinct, the U.S. Fish and Wildlife Service said Monday." Most of the species were listed under the Endangered Species Act in the 1970s or 1980s and were very low in numbers or likely already extinct at the time of listing. In the years since, "rigorous reviews of the best available science" have been conducted to determine whether the animals are extinct. "Federal protection came too late to reverse these species' decline, and it's a wake-up call on the importance of conserving imperiled species before it's too late," Service Director Martha Williams said. Scientists in 2019 warned that worldwide, 1 million species of plants and animals were at risk of extinction.

There are more than 1,300 species listed as either endangered or threatened in the United States under the Endangered Species Act. The 21 species being removed include one mammal, 10 types of birds, two species of fish and eight types of mussels. Eight of the 21 species were found in Hawaii.

From the agency's announcement: The 21 species extinctions highlight the importance of the Endangered Species Act and efforts to conserve species before declines become irreversible. The circumstances of each also underscore how human activity can drive species decline and extinction by contributing to habitat loss, overuse, and the introduction of invasive species and diseases...

The Endangered Species Act has been highly effective and credited with saving 99% of listed species from extinction. Thus far, more than 100 species of plants and animals have been delisted based on recovery or reclassified from endangered to threatened based on improved conservation status, and hundreds more species are stable or improving thanks to the collaborative actions of Tribes, federal agencies, state and local governments, conservation organizations and private citizens.

An official from the agency said in the announcement: "The ultimate goal is to recover these species, so they no longer need the Act's protection."

The Courts

Apple Asks Supreme Court To Reverse App Store Ruling Won by Epic (bloomberg.com) 42

Apple said it has asked the US Supreme Court to review a judge's ruling from two years ago that could diminish the billions of dollars in revenue its App Store generates by letting app developers direct users to alternative payment methods. From a report: Apple's request to the high court on Thursday is its latest salvo in a drawn-out battle with Epic Games over how the iPhone maker runs its app marketplace. App Store revenue is lucrative for Apple, with developers charged a commission of as much as 30% for sales of digital goods and services -- a fee that the maker of the popular Fortnite game is trying to avoid paying. At the same time, years of complaints from app developers and scrutiny from governments globally have already forced Apple to rewrite some of the rules protecting its dominance in the $160 billion app distribution marketplace.

Apple's request comes a day after Epic petitioned the Supreme Court to review a separate part of the ruling, that App Store policies don't violate federal antitrust laws. Apple's filing couldn't immediately be confirmed in court records. The Supreme Court, per its regular schedule, could decide by the end of the year or early next year whether it will take up either or both of the petitions. In a mixed ruling in September 2021 following a trial, a federal judge in Oakland, California, largely rejected Epic's claims that Apple's online marketplace policies violated federal law by barring third-party app marketplaces on its operating system. But she also found that Apple flouted California state law by blocking developers from letting consumers know about alternative payment methods. The 9th US Circuit Court of Appeals affirmed the trial judge's decision in April.

Australia

Australian Senate Committee Recommends Government Ban on TikTok Be Extended To WeChat (apnews.com) 10

An Australian Senate committee has recommended a ban on the Chinese-owned video-sharing app TikTok from federal government devices be extended to China's most popular social media platform, WeChat. From a report: The Committee on Foreign Interference through Social Media also recommended in a report late Tuesday that social media giants such as Facebook and Twitter should become more transparent or be fined. Committee chair James Paterson said on Wednesday the report's recommendations would make Australia a more difficult target for the serious foreign interference risks that the nation faced. "It tackles both the problems posed by authoritarian-headquartered social media platforms like TikTok and WeChat and Western-headquartered social media platforms being weaponized by the actions of authoritarian governments including Facebook, YouTube and Twitter," Paterson told reporters.

Privacy

MOVEit Hackers Accessed Health Data of 'At Least' 8 Million Individuals (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: U.S. government services contracting giant Maximus has confirmed that hackers exploiting a vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals. Virginia-based Maximus contracts with federal, state and local governments to manage and administer government-sponsored programs, such as Medicaid, Medicare, healthcare reform and welfare-to-work. In an 8-K filing on Wednesday, Maximus confirmed that the personal information of a "significant number" of individuals was accessed by hackers exploiting a zero-day vulnerability in MOVEit Transfer, which the organization uses to "share data with government customers pertaining to individuals who participate in various government programs."

While Maximus hasn't yet been able to confirm the exact number of individuals impacted -- something the company expects to take "several more weeks" -- the organization said it believes hackers accessed the personal data, including Social Security numbers and protected health information, of "at least" 8 to 11 million individuals. If the latter, this would make the breach the largest breach of healthcare data this year -- and the most significant data breach reported as a result of the MOVEit mass-hacks. Maximus has not confirmed which specific types of health data were accessed and has not responded to TechCrunch's questions. In its 8-K filing, the company said it began notifying impacted customers and federal and state regulators, adding that it expects the security incident to cost approximately $15 million to investigate and remediate. Clop, the Russia-linked data extortion group responsible for the MOVEit mass-hacks, claims to have stolen 169 gigabytes of data from Maximus, which it has not yet published.
The report notes that "more than 500 organizations have so far been impacted by the MOVEit mass-hacks, exposing the personal information of more than 34.5 million people."

AI

AI Watches Millions of Cars and Tells Cops if You Might Be a Criminal (forbes.com) 155

Forbes' senior writer on cybersecurity writes on the "warrantless monitoring of citizens en masse" in the United States.

Here's how county police armed with a "powerful new AI tool" identified the suspicious driving pattern of a grey Chevy owned by David Zayas: Searching through a database of 1.6 billion license plate records collected over the last two years from locations across New York State, the AI determined that Zayas' car was on a journey typical of a drug trafficker. According to a Department of Justice prosecutor filing, it made nine trips from Massachusetts to different parts of New York between October 2020 and August 2021 following routes known to be used by narcotics pushers and for conspicuously short stays. So on March 10 last year, Westchester PD pulled him over and searched his car, finding 112 grams of crack cocaine, a semiautomatic pistol and $34,000 in cash inside, according to court documents. A year later, Zayas pleaded guilty to a drug trafficking charge.

The previously unreported case is a window into the evolution of AI-powered policing, and a harbinger of the constitutional issues that will inevitably accompany it... Westchester PD's license plate surveillance system was built by Rekor, a $125 million market cap AI company trading on the NASDAQ. Local reporting and public government data reviewed by Forbes show Rekor has sold its ALPR tech to at least 23 police departments and local governments across America, from Lauderhill, Florida to San Diego, California. That's not including more than 40 police departments across New York state who can avail themselves of Westchester County PD's system, which runs out of its Real-Time Crime Center... It also runs the Rekor Public Safety Network, an opt-in project that has been aggregating vehicle location data from customers for the last three years, since it launched with information from 30 states that, at the time, were reading 150 million plates per month. That kind of centralized database with cross-state data sharing has troubled civil rights activists, especially in light of recent revelations that Sacramento County Sheriff's Office was sharing license plate reader data with states that have banned abortion...

The ALPR market is growing thanks to a glut of Rekor rivals, including Flock, Motorola, Genetec, Jenoptik and many others who have contracts across federal and state governments. They're each trying to grab a slice of a market estimated to be worth at least $2.5 billion... In pursuit of that elusive profit, the market is looking beyond law enforcement to retail and fast food. Corporate giants have toyed with the idea of tying license plates to customer identities. McDonald's and White Castle have already begun using ALPR to tailor drive-through experiences, detecting returning customers and using past orders to guide them through the ordering process or offer individualized promotion offers. The latter restaurant chain uses Rekor tech to do that via a partnership with Mastercard.

A senior staff attorney at the ACLU tells Forbes that "The scale of this kind of surveillance is just incredibly massive."

Thanks to long-time Slashdot reader Geek_Cop for sharing the article.
Encryption

The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips (wired.com) 45

New submitter ole_timer shares a report from Wired: From TikTok to Huawei routers to DJI drones, rising tensions between China and the US have made Americans -- and the US government -- increasingly wary of Chinese-owned technologies. But thanks to the complexity of the hardware supply chain, encryption chips sold by the subsidiary of a company specifically flagged in warnings from the US Department of Commerce for its ties to the Chinese military have found their way into the storage hardware of military and intelligence networks across the West. In July of 2021, the Commerce Department's Bureau of Industry and Security added the Hangzhou, China-based encryption chip manufacturer Hualan Microelectronics, also known as Sage Microelectronics, to its so-called "Entity List," a vaguely named trade restrictions list that highlights companies "acting contrary to the foreign policy interests of the United States." Specifically, the bureau noted that Hualan had been added to the list for "acquiring and ... attempting to acquire US-origin items in support of military modernization for [China's] People's Liberation Army."

Yet nearly two years later, Hualan -- and in particular its subsidiary known as Initio, a company originally headquartered in Taiwan that it acquired in 2016 -- still supplies encryption microcontroller chips to Western manufacturers of encrypted hard drives, including several that list as customers on their websites Western governments' aerospace, military, and intelligence agencies: NASA, NATO, and the US and UK militaries. Federal procurement records show that US government agencies from the Federal Aviation Administration to the Drug Enforcement Administration to the US Navy have bought encrypted hard drives that use the chips, too. The disconnect between the Commerce Department's warnings and Western government customers means that chips sold by Hualan's subsidiary have ended up deep inside sensitive Western information networks, perhaps due to the ambiguity of their Initio branding and its Taiwanese origin prior to 2016. The chip vendor's Chinese ownership has raised fears among security researchers and China-focused national security analysts that they could have a hidden backdoor that would allow China's government to stealthily decrypt Western agencies' secrets. And while no such backdoor has been found, security researchers warn that if one did exist, it would be virtually impossible to detect it.

"If a company is on the Entity List with a specific warning like this one, it's because the US government says this company is actively supporting another country's military development," says Dakota Cary, a China-focused research fellow at the Atlantic Council, a Washington, DC-based think tank. "It's saying you should not be purchasing from them, not just because the money you're spending is going to a company that will use those proceeds in the furtherance of another country's military objectives, but because you can't trust the product." [...] The mere fact that so many Western government agencies are buying products that include chips sold by the subsidiary of a company on the Commerce Department's trade restrictions list points to the complexities of navigating the computing hardware supply chain, says the Atlantic Council's Cary. "At minimum, it's a real oversight. Organizations that should be prioritizing this level of security are apparently not able to do so, or are making mistakes that have allowed for these products to get into their environments," he says. "It seems very significant. And it's probably not a one-off mistake."

Security

Millions of Americans' Personal Data Exposed in Global Hack (cnn.com) 17

Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday. From a report: The breach has affected 3.5 million Oregonians with driver's licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. The Louisiana governor's office did not put a number on the number of victims but over 3 million Louisianians hold driver's licenses, according to public data. The states did not blame anyone in particular for the hack, but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang. The sweeping hack has likely exposed data at hundreds of organizations across the globe and also compromised multiple US federal agencies, including the Department of Energy, as well as data from major corporations in Britain like the BBC and British Airways. The Russian-speaking hackers that claimed credit are known to demand multimillion-dollar ransoms, though US and state governments say they have not received any demands.

Security

US Government Agencies Hit In Global Cyberattack (cnn.com) 19

An anonymous reader quotes a report from CNN: Several US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software, according to a top US cybersecurity agency. The US Cybersecurity and Infrastructure Security Agency "is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications," Eric Goldstein, the agency's executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. "We are working urgently to understand impacts and ensure timely remediation." It was not immediately clear if the hackers responsible for breaching the federal agencies were a Russian-speaking ransomware group that has claimed credit for numerous other victims in the hacking campaign.

Agencies were much quicker Thursday to deny they'd been affected by the hacking than to confirm they were. The Transportation Security Administration and the State Department said they were not victims of the hack. CISA Director Jen Easterly told MSNBC on Thursday that she was "confident" that there will not be "significant impacts" to federal agencies from the hacks because of the government's defensive improvements. But the news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.

The new hacking campaign shows the widespread impact that a single software flaw can have if exploited by skilled criminals. The hackers -- a well-known group whose favored malware emerged in 2019 -- in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Government

US State Governments Try Lavishing Subsidies to Attract Chip and EV Factories (go.com) 8

U.S. states are now "doling out more cash than ever to lure multibillion-dollar microchip, electric vehicle and battery factories," reports the Associated Press, "inspiring ever-more competition as they dig deeper into their pockets to attract big employers and capitalize on a wave of huge new projects." Georgia, Kansas, Michigan, New York, North Carolina, Ohio and Texas have made billion-dollar pledges for a microchip or EV plant, with more state-subsidized plant announcements by profitable automakers and semiconductor giants surely to come. States have long competed for big employers. But now they are floating more billion-dollar offers and offering record-high subsidies, lavishing companies with grants and low-interest loans, municipal road improvements, and breaks on taxes, real estate, power and water....

The projects come at a transformative time for the industries, with automakers investing heavily in electrification and chipmakers expanding production in the U.S. following pandemic-related supply chain disruptions that raised economic and national security concerns. One of the driving forces behind them is federal subsidies signed into law last summer that are meant to encourage companies to produce electric vehicles, EV batteries, and computer chips domestically. Another is that states are flush with cash thanks to inflation-juiced tax collections and federal pandemic relief subsidies. The number of big projects and the size of state subsidy packages are extraordinary, said Nathan Jensen, a University of Texas professor who researches government economic development strategies.

"It is kind of a Wild West moment," Jensen said. "It's wild money and every state seems to be in on it."

Many of the companies drawing the biggest subsidy offers — such as Intel, Hyundai, Panasonic, Micron, Toyota, Ford and General Motors — are profitable and operate around the globe. Some lesser-known names in the nascent EV field are getting big offers too, such as Rivian, Volkswagen-backed Scout Motors and Vietnamese automaker VinFast. The subsidy offers are generally embraced by politicians from both major parties and the business elite, who point to promises of hundreds or thousands of jobs, massive investments in construction and equipment, and what they contend are immeasurable trickle-down benefits.

Still, academics who study such subsidies find them to be a waste of money and rarely decisive in a company's choice of location.
