United States

Biden Executive Order Bans Federal Agencies From Using Commercial Spyware (techcrunch.com)

The Biden administration on Monday announced a new executive order that would broadly ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. From a report: The move to ban federal agencies -- including law enforcement, defense and intelligence -- from using commercial spyware comes as officials confirmed that dozens of U.S. government personnel had their phones targeted. Human rights defenders and security researchers have for years warned of the risks posed by commercial spyware, created in the private sector and sold almost exclusively to governments and nation states. [...] In a call with reporters ahead of the order's signing, Biden administration officials said that the United States was trying to get ahead of the problem and set standards for other governments and its allies, which buy and deploy commercial spyware. The order is the latest action taken by the government in recent years, including banning some spyware makers from doing business in the U.S. and passing laws aimed at limiting the use and procurement of spyware by federal agencies.
Privacy

Amazon Sued For Not Telling New York Store Customers About Facial Recognition (cnbc.com)

Amazon did not alert its New York City customers that they were being monitored by facial recognition technology, a lawsuit filed Thursday alleges. CNBC reports: In a class-action suit, lawyers for Alfredo Perez said that the company failed to tell visitors to Amazon Go convenience stores that the technology was in use. Thanks to a 2021 law, New York is the only major American city to require businesses to post signs if they're tracking customers' biometric information, such as facial scans or fingerprints. [...] The lawsuit says that Amazon only recently put up signs informing New York customers of its use of facial recognition technology, more than a year after the disclosure law went into effect. "To make this 'Just Walk Out' technology possible, the Amazon Go stores constantly collect and use customers' biometric identifier information, including by scanning the palms of some customers to identify them and by applying computer vision, deep learning algorithms, and sensor fusion that measure the shape and size of each customer's body to identify customers, track where they move in the stores, and determine what they have purchased," says the lawsuit.

"It means that even a global tech giant can't ignore local privacy laws," Albert Cahn, project director, said in a text message. "As we wait for long overdue federal privacy laws, it shows there is so much local governments can do to protect their residents."

Cloud

US Plans More Regulations to Improve Cloud Security (politico.com)

Politico reports: Governments and businesses have spent two decades rushing to the cloud — trusting some of their most sensitive data to tech giants that promised near-limitless storage, powerful software and the know-how to keep it safe.

Now the White House worries that the cloud is becoming a huge security vulnerability.

So it's embarking on the nation's first comprehensive plan to regulate the security practices of cloud providers like Amazon, Microsoft, Google and Oracle, whose servers provide data storage and computing power for customers ranging from mom-and-pop businesses to the Pentagon and CIA.... Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry....

So far, cloud providers haven't done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies. That risk is only growing, said Rob Knake, the deputy national cyber director for strategy and budget. Foreign hackers have become more adept at "spinning up and rapidly spinning down" new servers, he said — in effect, moving so quickly from one rented service to the next that new leads dry up for U.S. law enforcement faster than it can track them down.

On top of that, U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections — both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money. That practice complicated the federal investigations into the SolarWinds attack, because the agencies that fell victim to the Russian hacking campaign had not paid extra for Microsoft's enhanced data-logging features.... Part of what makes that difficult is that neither the government nor companies using cloud providers fully know what security protections cloud providers have in place. In a study last month on the U.S. financial sector's use of cloud services, the Treasury Department found that cloud companies provided "insufficient transparency to support due diligence and monitoring" and U.S. banks could not "fully understand the risks associated with cloud services."

Government

Larry Magid: Utah Bill Threatens Internet Security For Everyone (mercurynews.com)

"Wherever you live, you should be paying attention to Utah Senate Bill 152 and the somewhat similar House Bill 311," writes tech journalist and long-time child safety advocate Larry Magid in an op-ed via the Mercury News. "Even though it's legislation for a single state, it could set a dangerous precedent and make it harder to pass and enforce sensible federal legislation that truly would protect children and other users of connected technology." From the report: SB 152 would require parents to provide their government-issued ID and physical address in order for their child or teenager to access social media. But even if you like those provisions, this bill would require everyone -- including adults -- to submit government-issued ID to sign up for a social media account, including not just sites like Facebook, Instagram, Snapchat and TikTok, but also video sharing sites like YouTube, which is commonly used by schools. The bill even bans minors from being online between 10:30 p.m. and 6:30 a.m., empowering the government to usurp the rights of parents to supervise and manage teens' screen time. Should it be illegal for teens to get up early to finish their homework (often requiring access to YouTube or other social media) or perhaps access information that would help them do early morning chores? Parents -- not the state -- should be making and enforcing their family's schedule.

I oppose these bills from my perch as a long-time child safety advocate (I wrote "Child Safety on the Information Highway" in 1994 for the National Center for Missing & Exploited Children and am currently CEO of ConnectSafely.org). However well-intentioned, they could increase risk and deny basic rights to children and adults. SB 152 would require companies to keep a "record of any submissions provided under the requirements," which means there would not only be databases of all social media users, but also of users under 18, which could be hacked by criminals or foreign governments seeking information on Utah children and adults. And, in case you think that's impossible, there was a breach in 2006 of a database of children that was mandated by the State of Utah to protect them from sites that displayed or promoted pornography, alcohol, tobacco and gambling. No one expects a data breach, but they happen on a regular basis. There is also the issue of privacy. Social media is both media and speech, and some social media are frequented by people who might not want employers, family members, law enforcement or the government to know what information they're consuming. Whatever their interests, people should have the right to at least anonymously consume information or express their opinions. This should apply to everyone, regardless of who they are, what they believe or what they're interested in. [...]

It's important to always look at the potential unintended consequences of legislation. I'm sure the lawmakers in Utah who are backing this bill have the best interests of children in mind. But this wouldn't be the first law designed to protect children that actually puts them at risk or violates adult rights in the name of child protection. I applaud any policymaker who wants to find ways to protect kids and hold technology companies accountable for doing their part to protect privacy and security as well as employing best practices when it comes to the mental health and well-being of children. But the legislation, whether coming from Utah, another state or Washington, D.C., must be sensible, workable, constitutional and balanced, so it at the very least does more good than harm.

Earth

What's Holding Back Wind Energy in the US? (msn.com)

The Washington Post reports that "there are only seven working offshore wind turbines in the entire United States at the moment. In Europe, there are more than 5,000. China also has thousands."

And yet 17 wind-power projects in the eastern U.S. are facing "considerable" resistance, while shareholders "are pressuring companies not to invest in more projects beyond the wave that has already begun, said Paul Zimbardo, an analyst at Bank of America." Surging costs from inflation and labor shortages have developers saying their projects may not be profitable. A raft of lawsuits and pending federal restrictions to protect sensitive wildlife could further add to costs. The uncertainty has clouded bright expectations for massive growth in U.S. offshore wind, which the Biden administration and several state governments have bet big on in their climate plans. "We're trying to stand up an entire industry in the United States, and we're having natural growing pains," said Cindy Muller, a lawyer who runs the Houston office and co-chairs the offshore wind initiative at the law firm Jones Walker.

State leaders and the Biden administration have homed in on the industry because the power of offshore winds can produce a rare round-the-clock source of greenhouse-gas-free electricity — and one difficult for future administrations to undo once turbines are in the ground. The administration set a goal for 30 gigawatts of new power from offshore wind by 2030. That is about 3 percent of what the country needs to get to 80 percent clean electricity by that time, according to estimates from a team led by University of California at Berkeley researchers.... Delays make it unlikely that the Biden administration will meet its 2030 goal, lawyers and analysts said.

The article notes that last fall three wind developers "moved to renegotiate their contracts, saying they can no longer afford to deliver power for the prices promised because of soaring costs." And meanwhile a massive wind project south of Martha's Vineyard, Massachusetts "is years behind schedule amid regulatory delays and litigation from opponents."

Though the project has finally started laying cable, now an oil company-funded advocacy group "is providing the financial backing and legal expertise for litigation...taking up the cause of the whales in court." (This despite the fact that America's ocean-monitoring agency, the NOAA, says whales aren't affected by wind power.) The Post notes that the project's construction finally began "a little more than a year ago...in the same area where a die-off of humpback whales began seven years ago." NOAA says about 40% of the whales showed evidence they'd been struck by a ship or entangled in nets, and both whales and fishermen "may be following their prey (small fish) which are reportedly close to shore this winter."

Ironically, the Sierra Club tells the Washington Post that "The biggest threat to the ocean ecosystem is climate change."

Earth

Exxon Climate Predictions Were Accurate Decades Ago. Still It Sowed Doubt

An anonymous reader quotes a report from NPR: Decades of research by scientists at Exxon accurately predicted how much global warming would occur from burning fossil fuels, according to a new study in the journal Science. The findings clash with an enormously successful campaign that Exxon spearheaded and funded for more than 30 years which cast doubt on human-driven climate change and the science underpinning it. That narrative helped delay federal and international action on climate change, even as the impacts of climate change worsened.

Over the last few years, journalists and researchers revealed that Exxon did in-house research that showed it knew that human-caused climate change is real. The new study looked at Exxon's research and compared it to the warming that has actually happened. Researchers at Harvard University and the Potsdam Institute for Climate Impact Research analyzed Exxon's climate studies from 1977 to 2003. The researchers show the company, now called ExxonMobil, produced climate research that was at least as accurate as work by independent academics and governments -- and occasionally surpassed it. That's important because ExxonMobil and the broader fossil fuel industry face lawsuits nationwide claiming they misled the public on the harmful effects of their products.

"The bottom line is we found that they were modeling and predicting global warming with, frankly, shocking levels of skill and accuracy, especially for a company that then spent the next couple of decades denying that very climate science," says lead author Geoffrey Supran, who now is an associate professor of environmental science and policy at the University of Miami.

"Specifically, what we've done is to actually put a number for the first time on what Exxon knew, which is that the burning of their fossil fuel products would heat the planet by something like 0.2 [degrees] Celsius every single decade," Supran says.

The report notes that ExxonMobil "faces more than 20 lawsuits brought by states and local governments for damages caused by climate change." These new findings could provide more evidence for those cases as they progress through the courts, says Karen Sokol, a law professor at Loyola University in New Orleans.

"What Exxon scientists found and what they communicated to company executives was nothing short of horrifying," says Sokol. "Imagine that world and the different trajectory that consumers, investors and policymakers would have taken when we still had time, versus now when we're entrenched in a fossil fuel based economy that's getting increasingly expensive and difficult to exit," says Sokol.

Government

Swiss Data Protection Commissioner Orders Government To Publicly Release Surveillance Tech Export Licenses (techdirt.com)

An anonymous reader quotes a report from Techdirt: "In an enormous breakthrough for those seeking transparency and accountability to the shadowy surveillance industry, the Swiss Government has been forced to publish the list of export licenses for surveillance technologies and other equipment, including details of their cost and destination," [reports The Unwanted Witness.] "The decision by the Federal Information and Data Protection Commissioner comes on the heels of consistent pressure from Privacy International, Swiss journalists, and several Members of Parliament on policymakers, government officials, and companies in Switzerland over the past year and a half. The commissioner's decision was the result of a FOI challenge filed against the State Secretariat for Economic Affairs (SECO) for its refusal to reveal information regarding the destination of the pending exports for surveillance technologies."

The beneficiary of this release by SECO is, of course, everyone who's interested in government accountability and transparency, especially when it involves an area of government work that tends to be shrouded in often impenetrable secrecy. The most direct beneficiary -- Swiss news agency Tagblatt -- has plenty to say about the release of this information, including how much SECO simply did not want to reveal the countries Swiss surveillance tech providers sell to. (The following was translated by Google Translate, so apologies for the clunky English.) The Seco does not act entirely voluntarily: Our newspaper only received the list after it requested access to the administration in 2013 based on the principle of transparency. At the end of 2014, the federal data protection officer recommended granting access, although Seco wanted to refuse this. [The Data Protection Commissioner] picks [Seco's] arguments to pieces. It didn't even provide a minimal justification. But that's not all: Seco was unable to prove why the announcement of the recipients was affecting Switzerland's foreign policy relations.

The technology these countries acquired from Swiss tech purveyors is IMSI catchers -- cell tower spoofers capable of forcing all phones in the area to connect to them so investigators can locate sought devices or (if enabled) intercept communications. Twenty-one export licenses were issued in 2014, with the list encompassing a long list of human rights abusers. [...] The approved list for full licenses doesn't exactly suggest a whole lot of discretion from Swiss IMSI manufacturers. Nor does it say much about SECO, which allowed these sales (and demonstrations) to happen. The list of denied license applications (which includes Russia, Yemen, and Turkmenistan) suggests some restraint by SECO. But the fact that Swiss spy tech makers requested the licenses shows they are just as willing to sell to terrible governments as other surveillance tech purveyors who've made international headlines repeatedly. (Yes, we're talking about Israel's NSO Group. And, to a lesser extent, Italy's Hacking Team.)
"And it's not just IMSI catchers," says Techdirt's Tim Cushing. "Plenty of human rights violators were on the list of potential customers for internet surveillance tech sold by Swiss companies. That those violators were unable to access this tech is largely due to the Snowden leaks, which forced a lot of countries to look more closely at their own spying efforts and surveillance contractors."

"That's a pretty nasty group of customers to want to sell to. And that the companies appear to have been deterred by a series of leaks suggests they were more motivated by potential backlash from the Snowden revelations, rather than any sense of responsibility or propriety."

In closing, Cushing writes: "You don't have to sell to the worst governments in the world. But, like far too many other surveillance tech purveyors, Swiss companies seemed more than willing to sell powerful spy tech to governments they knew with certainty would abuse it."

Microsoft

Microsoft Acquires Startup Developing High-Speed Cables for Transmitting Data (techcrunch.com)

Microsoft today announced that it acquired Lumenisity, a U.K.-based startup developing "hollow core fiber (HCF)" technologies primarily for data centers and ISPs. From a report: Microsoft says that the purchase, the terms of which weren't disclosed, will "expand [its] ability to further optimize its global cloud infrastructure" and "serve Microsoft's cloud platform and services customers with strict latency and security requirements." HCF cables fundamentally combine optical fiber and coaxial cable. They've been around since the '90s, but what Lumenisity brings to the table is a proprietary design with an air-filled center channel surrounded by a ring of glass tubes. The idea is that light can travel faster through air than glass; in a trial with Comcast in April, a single strand of Lumenisity HCF was reportedly able to deliver traffic rates ranging from 10 Gbps to 400 Gbps.

"HCF can provide benefits across a broad range of industries including healthcare, financial services, manufacturing, retail and government," Girish Bablani, CVP of Microsoft's Azure Core business, wrote in a blog post. "For the public sector, HCF could provide enhanced security and intrusion detection for federal and local governments across the globe. In healthcare, because HCF can accommodate the size and volume of large data sets, it could help accelerate medical image retrieval, facilitating providers' ability to ingest, persist and share medical imaging data in the cloud. And with the rise of the digital economy, HCF could help international financial institutions seeking fast, secure transactions across a broad geographic region."

Bitcoin

Harvard Paper To Central Banks: Buy Bitcoin (politico.com)

A new working paper by Matthew Ferranti -- a fifth-year PhD candidate in Harvard's economics department and advisee of Ken Rogoff, a former economist at the IMF and the Federal Reserve Board of Governors who is now a Harvard professor -- has caused a minor splash. From a report: In it, Ferranti argues that it makes sense for many central banks to hold a small amount of Bitcoin under normal circumstances, and much more Bitcoin if they face sanctions risks, though his analysis finds gold is a more useful sanctions hedge. DFD caught up with Ferranti at Harvard's Cabot Science Library to discuss the working paper, which has not been peer-reviewed since its initial publication online late last month.

What are the implications of your findings?
You can read op-eds, for example in the Wall Street Journal, where people say, "We overused sanctions. It's going to come back to bite us because people are not going to want to use dollars." But the contribution of my paper is to put a number on that and say, "Okay, how big of a deal is this really? How much should we be concerned about it?" The numbers that come out of it are that yeah, it is a concern. It's not just you change your Treasury bonds by 1 percent or something. It's a lot bigger than that.

Rather than hedging sanctions risk with Bitcoin, shouldn't governments just avoid doing bad things?
There's not just one thing that gets you added to the U.S. sanctions list. If the only thing that could get you sanctioned, for example, was to invade another country, then most countries, as long as they don't plan to invade their neighbors, probably don't need to care about this at all, and so my research becomes less relevant. But it's kind of a nebulous thing. That might make countries pause and think about, "How reliable is the U.S.?" The paper doesn't say anything about whether applying sanctions is a good or bad thing. There's a huge literature on how effective sanctions are. And I think the number that comes out of that is like a third of the time they work. Of course, they can have unintended consequences, like hurting the population of the country that you're sanctioning.

So why would a central bank bother with Bitcoin?
They're not correlated. They both sort of jump around, so there's diversification benefit to having both. And if you can't get enough gold to hedge your sanctions risk adequately -- think about a country that has very poor infrastructure, doesn't have the capability to store large amounts of gold, or countries whose reserves are so large that they simply cannot buy enough gold. Places like Singapore and China. You can't just turn around and buy $100 billion of gold.

The Courts

Epic Strikes Back At Apple's iOS 'Security' Defense In Appeals Court (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: It has been over a year now since a US District Court ruled that Apple did not violate antitrust law by forcing iOS developers (like plaintiff and Fortnite-maker Epic Games) to use its App Store and in-app payments systems. But that doesn't mean the case is settled, as both sides demonstrated Monday during oral arguments in front of the 9th Circuit Court of Appeals. The hearing was full of arcane discussion of legal standards and procedures for reviewing the case and its precedents, as well as input from state and federal governments on how the relevant laws should be interpreted. In the end, though, the core arguments before the appeals court once again centered on issues of walled gardens, user lock-in, and security versus openness in platform design.

In defending Apple's position, counsel Mark Perry argued that the company's restraints on iOS app distribution were put in place from the beginning to protect iPhone users. Based on its experience managing software security and privacy on Macs, Apple decided it "did not want the phone to be like a computer. Computers are buggy, they crash, they have problems. They wanted the phone to be better." If the Mac App Store was the equivalent of a lap belt, the iOS App Store, with its costly human review system, is "a six-point racing harness," Perry said. "It's safer. They're both safe, but it's safer." While Epic argued that the iPhone's walled garden "only keeps out competition," Perry shot back that "what's kept out by walled gardens is fraudsters and pornsters and hackers and malware and spyware and foreign governments..." Providing superior user safety, Perry said, is a key "non-price feature" that helps set the iPhone apart from its Android-based competition. Users who want the more open system that Epic is fighting for can already buy an Android phone and choose from a variety of App Stores, Perry said. By doing so, though, those users "open themselves up to more intrusion" compared to an iPhone, he argued. Those kinds of "pro-competitive" security features Apple offers with its App Store restrictions legally outweigh the "minor anti-competitive effects" iOS app developers face on the platform, Perry said.

[...] Apple's Perry argued that Epic presented "no data or empirical evidence" to show that users felt locked in to Apple's app ecosystem. Epic failed to commission the usual survey that would show users were worried about switching costs or information costs in a case like this, Perry said, a "failure of proof" that he said obviates all other technical legal claims. At the same time, Perry said Epic carefully "crafted a market definition only fitting Google and Apple" in arguing its case and has not been able to bring in other developers to support a class action. Epic "didn't want to pick a fight with the consoles, didn't want to pick a fight with Microsoft," he said, despite similarities in the "walled garden" approaches in those markets. The three-judge appeals panel betrayed little as to which arguments it favored during Monday's hearing, offering pointed questions for both sides. A ruling in the appeals case is expected sometime next year.

United States

How Close Was America's FBI to Deploying Pegasus Spyware? (yahoo.com)

In a statement in February, America's Federal Bureau of Investigation "confirmed that it obtained NSO Group's powerful Pegasus spyware" back in 2019, reported the Guardian. At the time the FBI added that "There was no operational use in support of any investigation, the FBI procured a limited licence for product testing and evaluation only."

"But dozens of internal F.B.I. documents and court records tell a different story," the New York Times reported today: The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau's leadership, and drew up guidelines for federal prosecutors about how the F.B.I.'s use of hacking tools would need to be disclosed during criminal proceedings. It is unclear how the bureau was contemplating using Pegasus, and whether it was considering hacking the phones of American citizens, foreigners or both. In January, The Times revealed that F.B.I. officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers.

The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe. But the documents offer a glimpse at how the U.S. government — over two presidential administrations — wrestled with the promise and peril of a powerful cyberweapon. And, despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations. "Just because the F.B.I. ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals," stated a legal brief submitted on behalf of the F.B.I. late last month....

The specifics of why the bureau chose not to use Pegasus remain a mystery, but American officials have said that it was in large part because of mounting negative publicity about how the tool had been used by governments around the world.

The Times also notes two responses to their latest report. U.S. Senator Ron Wyden complained the FBI's earlier testimony about Pegasus was incomplete and misleading, and that the agency "owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table."

But an F.B.I. spokeswoman said "the director's testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation."

Thanks to long-time Slashdot reader crazyvas for suggesting the story.

United States

Ex-CIA Engineer Convicted in Biggest Theft Ever of Agency Secrets (nytimes.com)

A former Central Intelligence Agency software engineer was convicted by a federal jury on Wednesday of causing the largest theft of classified information in the agency's history. From a report: The former C.I.A. employee, Joshua Schulte, was arrested after the 2017 disclosure by WikiLeaks of a trove of confidential documents detailing the agency's secret methods for penetrating the computer networks of foreign governments and terrorists. The verdict came two years after a previous jury failed to agree on eight of the 10 charges he faced then.

At the earlier trial, Mr. Schulte, 33, was found guilty of contempt of court and of making false statements to the F.B.I. He was convicted on Wednesday on nine counts, which included illegally gathering national defense information and illegally transmitting that information. Damian Williams, the United States attorney in Manhattan, where the trial was held, hailed the verdict. Mr. Schulte has been convicted of "one of the most brazen and damaging acts of espionage in American history," Mr. Williams said in a statement.

Security

Senate Report Finds Government is Unprepared To Stop Ransomware Attacks (fastcompany.com)

In the past few years, ransomware attacks have crippled schools, hospitals, city governments, and pipelines. Yet, despite the heavy toll such incidents have on both the public and private sectors, government officials have only a limited understanding of ransomware attacks and how cryptocurrencies are being used to collect payment, according to a new report from the Senate Homeland Security and Governmental Affairs Committee. From a report: "Cryptocurrencies -- which allow criminals to quickly extort huge sums of money, can be anonymized, and do not have consistently enforced compliance with regulations, especially for foreign-based attackers -- have further enabled cybercriminals to commit disruptive ransomware attacks that threaten our national and economic security," said Michigan Senator Gary Peters, the committee's chair, in a statement. "My report shows that the federal government lacks the necessary information to deter and prevent these attacks, and to hold foreign adversaries and cybercriminals accountable for perpetrating them."

Part of the issue is in reporting: The federal government doesn't have a standardized place for victims to log ransomware attacks, which typically encrypt data until a ransom is paid in cryptocurrency. Both the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have websites where victims can report incidents, and some people report the attacks directly to their local FBI field offices -- all of which can leave people unsure of where to turn and lead to different agencies having records of different incidents. Financial regulators, including the Treasury Department's Financial Crimes Enforcement Network, also gather some data on ransomware, particularly around payments, but it's also far from comprehensive. A new law passed by Congress in March, as part of a broad government funding bill, will soon require operators of "critical infrastructure" to report to CISA within 72 hours when they've been the victims of a "substantial cyber incident," and within 24 hours of paying a ransom, but the provision hasn't yet gone into effect, pending regulatory decisions by CISA.

United States

ICE 'Now Operates As a Domestic Surveillance Agency,' Think Tank Says (engadget.com) 76

Although it's supposed to be restricted by surveillance rules at local, state and federal levels, Immigration and Customs Enforcement (ICE) has built up a mass surveillance system that includes details on almost all US residents, according to a report from a major think tank. Engadget reports: Researchers from Georgetown Law's Center on Privacy and Technology said ICE "now operates as a domestic surveillance agency" and that it was able to bypass regulations in part by purchasing databases from private companies. "Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government's larger push to amass as much information as possible about all of our lives," the report's authors state. "By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time."

The researchers spent two years looking into ICE to put together the extensive report, which is called "American Dragnet: Data-Driven Deportation in the 21st Century." They obtained information by filing hundreds of freedom of information requests and scouring more than 100,000 contracts and procurement records. The agency is said to be using data from the Department of Motor Vehicles and utility companies, along with the likes of call records, child welfare records, phone location data, healthcare records and social media posts. ICE is now said to hold driver's license data for 74 percent of adults and can track the movement of cars in cities that are home to 70 percent of the adult population in the US.

The study shows that ICE, which falls under the Department of Homeland Security, has already used facial recognition technology to search through driver's license photos of a third of adults in the US. In 2020, the agency signed a deal with Clearview AI to use that company's controversial technology. In addition, the report states that when 74 percent of adults hook up gas, electricity, phone or internet utilities in a new residence, ICE was able to automatically find out their updated address. The authors wrote that ICE is able to carry out these actions in secret and without warrants. Along with the data it acquired from other government departments, utilities, private companies and third-party data brokers, "the power of algorithmic tools for sorting, matching, searching and analysis has dramatically expanded the scope and regularity of ICE surveillance," the report states.

The agency spent around $2.8 billion on "new surveillance, data collection and data-sharing initiatives," according to the report. Approximately $569 million was spent on data analysis, including $186.6 million in contracts with Palantir Technologies.

"ICE also spent more than $1.3 billion on geolocation tech during that timeframe and $389 million on telecom interception, which includes tech that helps the agency track someone's phone calls, emails, social media activity and real-time internet use," adds Engadget.

Businesses

Crypto Firms Seek Clearer US Rules on Their Interest-Bearing Products (reuters.com) 12

Cryptocurrency companies said they remain unsure of U.S. regulations governing products that allow customers to earn interest on holdings instead of trading them, months after such an interest-bearing product drew a $100 million fine from a federal regulator and state governments. From a report: In February, New Jersey crypto company BlockFi agreed to pay $100 million in a landmark settlement with the U.S. Securities and Exchange Commission and state authorities who said its interest-bearing product qualifies as a security and should have been registered. Still, many digital asset companies providing such products said this month the rules remain unclear to them and they are uncertain when they should register such offerings, which are growing more popular and which many firms launched within the last year. Most firms have tried to structure the interest-bearing products to avoid the need to register them with the SEC, a process that takes time and entails ongoing disclosure and reporting obligations. That effort might set them up for a clash with the agency as it increases scrutiny of the crypto industry. BlockFi plans to offer an alternative yield product, which it said it would register first. The company and the SEC said the deal should provide a roadmap for other companies.

United States

White House Seeks More Power To Counter Use of Drones In US (apnews.com) 93

An anonymous reader quotes a report from the Associated Press: The Biden administration is calling on Congress to expand authority for federal and local governments to take action to counter the nefarious use in the U.S. of drones, which are becoming a growing security concern and nuisance. The White House on Monday released an action plan that calls for expanding the number of agencies that can track and monitor drones flying in their airspace. It calls for establishing a list of U.S. government-authorized detection equipment that federal and local authorities can purchase, and creating a national training center on countering the malicious use of drones. The White House in a statement said it was critical that Congress "adopt legislation to close critical gaps in existing law and policy that currently impede government and law enforcement from protecting the American people and our vital security interests."

The federal-government-wide focus comes as the Federal Aviation Administration projects that more than 2 million drones will be in circulation in the U.S. by 2024 and as the availability of detection and mitigation technologies -- including jamming systems -- is limited under current law. The White House plan calls for expanding existing counter-drone authorities for the departments of Homeland Security, Justice, Defense, Energy, as well as the Central Intelligence Agency and NASA in limited situations. The proposal also seeks to expand drone detection authorities for state, local, territorial and tribal law enforcement agencies and critical infrastructure owners and operators. The proposal also calls for establishing a six-year pilot program for a small number of state, local, territorial and tribal law enforcement agencies to take part in drone detection and mitigation operations under the supervision of the Justice Department and Homeland Security. Currently, no state or local agencies have such authorization.

AI

Face Scanner Clearview AI Aims To Branch Out Beyond Police (apnews.com) 11

A controversial facial recognition company that's built a massive photographic dossier of the world's people for use by police, national governments and -- most recently -- the Ukrainian military is now planning to offer its technology to banks and other private businesses. The Washington Post reports: Clearview AI co-founder and CEO Hoan Ton-That disclosed the plans Friday to The Associated Press in order to clarify a recent federal court filing that suggested the company was up for sale. "We don't have any plans to sell the company," he said. Instead, he said the New York startup is looking to launch a new business venture to compete with the likes of Amazon and Microsoft in verifying people's identity using facial recognition.

The new "consent-based" product would use Clearview's algorithms to verify a person's face, but would not involve its ever-growing trove of some 20 billion images, which Ton-That said is reserved for law enforcement use. Such ID checks that can be used to validate bank transactions or for other commercial purposes are the "least controversial use case" of facial recognition, he said. That's in contrast to the business practice for which Clearview is best known: collecting a huge trove of images posted on Facebook, YouTube and just about anywhere else on the publicly accessible internet.

Government

Proposed Law In Minnesota Would Ban Algorithms To Protect the Children (arstechnica.com) 112

An anonymous reader quotes a report from Ars Technica: Minnesota state lawmakers are trying to prohibit social media platforms from using algorithms to recommend content to anyone under age 18. The bill was approved Tuesday by the House Commerce Finance and Policy Committee in a 15-1 vote. The potential state law goes next to the House Judiciary Finance and Civil Law Committee, which has put it on the docket for a hearing on March 22. The algorithm ban applies to platforms with at least 1 million account holders and says those companies would be "prohibited from using a social media algorithm to target user-created content at an account holder under the age of 18." There are exemptions for content created by federal, state, or local governments and by public or private schools.

"This bill prohibits a social media platform like Facebook, Instagram, YouTube, WhatsApp, TikTok, and others, from using algorithms to target children with specific types of content," the bill summary says (PDF). "The bill would require anyone operating a social media platform with more than one million users to require that algorithm functions be turned off for accounts owned by anyone under the age of 18." Social media companies would be "liable for damages and a civil penalty of $1,000 for each violation." Tech-industry lobbyists say the bill would violate the First Amendment, prevent companies from recommending useful content, and require them to collect more data on the ages and locations of users.

TechDirt's Mike Masnick slammed the bill in an article titled, "Minnesota pushing bill that says websites can no longer be useful for teenagers."

"I get that for computer illiterate people the word 'algorithm' is scary," Masnick wrote. "And that there's some ridiculous belief among people who don't know any better that recommendation algorithms are like mind control, but the point of an algorithm is... to recommend content. That is, to make a social media (or other kind of service) useful. Without it, you just get an undifferentiated mass of content, and that's not very useful."

Power

Facing Resistance, Large-Scale Solar Installations Search for 'Creative' Locations (nbcnews.com) 127

NBC News reports that energy analysts "still expect most solar energy production in the near future to come from utility-scale projects, in part because of the savings that comes with massive installations."

Unfortunately, "It's those projects that are facing pushback." Local governments in states such as California, Indiana, Maine, New York and Virginia have imposed moratoriums on large-scale solar farms, as a national push for cleaner energy has collided with complaints about how the projects affect wildlife and scenic views. In one Nevada town west of Las Vegas, residents are trying to block a proposed 2,300-acre solar field. NBC News counted 57 cities, towns and counties across the country where residents have proposed solar moratoriums since the start of 2021, according to local news reports, and not every proposed ban gets local news coverage. At least 40 of those approved the measures. Other localities did so in earlier years.

That resistance is a threat to the big ambitions of the solar energy movement.

The current workaround? Solar panel installations "in unexpected places..." [Walmart] told NBC News it has more than 550 renewable energy projects, including solar and wind, implemented or under development. Several have opened recently in California, including with parking lot canopies. The company has a goal of using 100 percent renewable energy by 2035, up from 36 percent by its estimate now....

Houston has chosen the 240-acre site of a former landfill to install what the city said will be the largest infill solar project in the nation. In a neighborhood named Sunnyside, the project will generate enough electricity for 5,000 homes, according to the city. Similar projects have been built on landfills throughout New Jersey. An energy firm is building a solar project on a former coal mine on the border of Kentucky and West Virginia, while in New York state, researchers at Cornell University are testing putting solar panels in a field where sheep graze.

A city in Northern California says it has the largest floating solar farm in the U.S. at its wastewater treatment plant, and in January, a China-based energy company said it had built the world's largest floating solar array on a reservoir there. And last year, the Biden administration encouraged the development of solar projects on highway right-of-way, with a notice from the Federal Highway Administration telling field offices to work with states on ideas. Researchers at the University of Texas at Austin, including Webber, have said most states have more than 200 miles of interstate frontage suitable for solar development, especially near exits and rest stops.

Creative locations have a particular benefit: fewer potential neighbors who might complain.

Privacy

NSO Offered US Mobile Security Firm 'Bags of Cash', Whistleblower Claims (theguardian.com) 10

A whistleblower has alleged that an executive at NSO Group offered a US-based mobile security company "bags of cash" in exchange for access to a global signalling network used to track individuals through their mobile phone, according to a complaint that was made to the US Department of Justice. The Guardian: The allegation, which dates back to 2017 and was made by a former mobile security executive named Gary Miller, was disclosed to federal authorities and to the US congressman Ted Lieu, who said he conducted his own due diligence on the claim and found it "highly disturbing." Details of the allegation by Miller were then sent in a letter by Lieu to the Department of Justice. "The privacy implications to Americans and national security implications to America of NSO Group accessing mobile operator signalling networks are vast and alarming," Lieu wrote in his letter. The letter was shared with the Guardian and other media partners on the Pegasus project, a media consortium led by the Paris-based Forbidden Stories that has investigated NSO and published a series of stories about how governments around the world have used the company's spyware to target activists, journalists, and lawyers, among others.
