DRM

'Copyright Troll' Porn Company 'Makes Millions By Shaming Porn Consumers' (yahoo.com) 100

In 1999 Los Angeles Times reporter Michael Hiltzik co-authored a Pulitzer Prize-winning story. Now a business columnist for the Times, he writes that a Southern California maker of pornographic films named Strike 3 Holdings is also "a copyright troll," according to U.S. Judge Royce C. Lamberth: Lamberth wrote in 2018, "Armed with hundreds of cut-and-pasted complaints and boilerplate discovery motions, Strike 3 floods this courthouse (and others around the country) with lawsuits smacking of extortion. It treats this Court not as a citadel of justice, but as an ATM." He likened its litigation strategy to a "high-tech shakedown." Lamberth was not speaking off the cuff. Since September 2017, Strike 3 has filed more than 12,440 lawsuits in federal courts alleging that defendants infringed its copyrights by downloading its movies via BitTorrent, an online service on which unauthorized content can be accessed by almost anyone with a computer and internet connection.

That includes 3,311 cases the firm filed this year, more than 550 in federal courts in California. On some days, scores of filings reach federal courthouses — on Nov. 17, to select a date at random, the firm filed 60 lawsuits nationwide... Typically, they are settled for what lawyers say are cash payments in the four or five figures or are dismissed outright...

It's impossible to pinpoint the profits that can be made from this courthouse strategy. J. Curtis Edmondson, a Portland, Oregon, lawyer who is among the few who pushed back against a Strike 3 case and won, estimates that Strike 3 "pulls in about $15 million to $20 million a year from its lawsuits." That would make the cases "way more profitable than selling their product...." If only one-third of its more than 12,000 lawsuits produced settlements averaging as little as $5,000 each, the yield would come to $20 million... The volume of Strike 3 cases has increased every year — from 1,932 in 2021 to 2,879 last year and 3,311 this year.

What's really needed is a change in copyright law to bring the statutory damages down to a level that truly reflects the value of a film lost because of unauthorized downloading — not $750 or $150,000 but perhaps a few hundred dollars.

None of the lawsuits go to trial. Instead ISPs get a subpoena demanding the real-world address and name behind IP addresses "ostensibly used to download content from BitTorrent..." according to the article. Strike 3 will then "proceed by sending a letter implicitly threatening the subscriber with public exposure as a pornography viewer and explicitly with the statutory penalties for infringement written into federal copyright law — up to $150,000 for each example of willful infringement and from $750 to $30,000 otherwise."

A federal judge in Connecticut wrote last year that "Given the nature of the films at issue, defendants may feel coerced to settle these suits merely to prevent public disclosure of their identifying information, even if they believe they have been misidentified."

Thanks to Slashdot reader Beerismydad for sharing the article.
Medicine

US Pharmacies Share Medical Data with Police Without a Warrant, Inquiry Finds (msn.com) 23

The Washington Post reports that America's largest pharmacy chains have "handed over Americans' prescription records to police and government investigators without a warrant, a congressional investigation found, raising concerns about threats to medical privacy." Though some of the chains require their lawyers to review law enforcement requests, three of the largest — CVS Health, Kroger and Rite Aid, with a combined 60,000 locations nationwide — said they allow pharmacy staff members to hand over customers' medical records in the store... Pharmacies' records hold some of the most intimate details of their customers' personal lives, including years-old medical conditions and the prescriptions they take for mental health and birth control. Because the chains often share records across all locations, a pharmacy in one state can access a person's medical history from states with more-restrictive laws. Carly Zubrzycki, an associate professor at the University of Connecticut law school, wrote last year that this could link a person's out-of-state medical care via a "digital trail" back to their home state...

In briefings, officials with eight American pharmacy giants — Walgreens Boots Alliance, CVS, Walmart, Rite Aid, Kroger, Cigna, Optum Rx and Amazon Pharmacy — told congressional investigators that they required only a subpoena, not a warrant, to share the records.

A subpoena can be issued by a government agency and, unlike a court order or warrant, does not require a judge's approval. To obtain a warrant, law enforcement must convince a judge that the information is vital to investigate a crime. Officials with CVS, Kroger and Rite Aid said they instruct their pharmacy staff members to process law enforcement requests on the spot, saying the staff members face "extreme pressure to immediately respond," the lawmakers' letter said. The eight pharmacy giants told congressional investigators that they collectively received tens of thousands of legal demands every year, and that most were in connection with civil lawsuits. It's unclear how many were related to law enforcement demands, or how many requests were fulfilled.

Only one of the companies, Amazon, said it notified customers when law enforcement demanded its pharmacy records unless there was a legal prohibition, such as a "gag order," preventing it from doing so, the lawmakers said...

Most investigative requests come with a directive requiring the company to keep them confidential, a CVS spokeswoman said; for those that don't, the company considers "on a case-by-case basis whether it's appropriate to notify the individual."

The article points out that Americans "can request the companies tell them if they've ever disclosed their data...but very few people do.

"CVS, which has more than 40,000 pharmacists and 10,000 stores in the United States, said it received a 'single-digit number' of such consumer requests last year, the letter states."
Google

Why Google Will Stop Telling Law Enforcement Which Users Were Near a Crime (yahoo.com) 69

Earlier this week Google Maps stopped storing user location histories in the cloud. But why did Google make this move? Bloomberg reports that it was "so that the company no longer has access to users' individual location histories, cutting off its ability to respond to law enforcement warrants that ask for data on everyone who was in the vicinity of a crime." The company said Thursday that for users who have it enabled, location data will soon be saved directly on users' devices, blocking Google from being able to see it, and, by extension, blocking law enforcement from being able to demand that information from Google. "Your location information is personal," said Marlo McGriff, director of product for Google Maps, in the blog post. "We're committed to keeping it safe, private and in your control."

The change comes three months after a Bloomberg Businessweek investigation that found police across the US were increasingly using warrants to obtain location and search data from Google, even for nonviolent cases, and even for people who had nothing to do with the crime. "It's well past time," said Jennifer Lynch, the general counsel at the Electronic Frontier Foundation, a San Francisco-based nonprofit that defends digital civil liberties. "We've been calling on Google to make these changes for years, and I think it's fantastic for Google users, because it means that they can take advantage of features like location history without having to fear that the police will get access to all of that data."

Google said it would roll out the changes gradually through the next year on its own Android and Apple Inc.'s iOS mobile operating systems, and that users will receive a notification when the update comes to their account. The company won't be able to respond to new geofence warrants once the update is complete, including for people who choose to save encrypted backups of their location data to the cloud.

The EFF general counsel also pointed out to Bloomberg that "nobody else has been storing and collecting data in the same way as Google." (Apple, for example, is technically unable to provide the same data to police.)
United States

Is Climate-Friendly Flying Possible? The US Tries Subsidizing Sustainable Aviation Fuels (msn.com) 138

"Unlike automobiles, jumbo jets cannot run on batteries," notes the Washington Post.

So Friday the White House unveiled a plan for "subsidizing sustainable aviation fuels" — which could also give the U.S. a leg up in a brand new industry: Senior White House officials said the program would make the airline industry cleaner while bringing prosperity to rural America. But environmental groups and some scientists expressed reservations about the plan, which would award subsidies based on a scientific model that has previously been used to justify incentives for corn-based ethanol. Studies have found the gasoline additive is exacerbating climate change.

The new tax credits, created through President Biden's signature climate law, are meant to spur production of jet fuels that create no more than half the emissions of the petroleum-based product. Each gallon of such fuel qualifies for a tax credit up to $1.75 per gallon. "The concern is they will end up subsidizing fuels that take an enormous amount of land to produce," said Tim Searchinger, a senior research scholar at Princeton University... Administration officials said on a call with reporters Thursday that they are carefully weighing such concerns. Agencies are in the process of updating the scientific model for gauging climate friendliness of jet fuels, they said, and it will be revised to factor in the emissions impact of cropland converted from food to fuel production. Federal agencies plan to complete their revisions by March 1.

"The sustainable aviation fuel industry is a potential 36 billion gallon industry that for all intents and purposes is just getting started," Agriculture Secretary Tom Vilsack said on the call. "This is a big, big deal."

Privacy

Delta Dental of California Data Breach Exposed Info of 7 Million People (bleepingcomputer.com) 20

Delta Dental of California announced that they've suffered a data breach that exposed the personal data of almost seven million patients. BleepingComputer reports: Delta Dental of California is a dental insurance provider that covers 45 million people across 15 states and is part of the Delta Dental Plans Association. According to a Delta Dental of California data breach notification (PDF), the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.

The software was vulnerable to a zero-day SQL injection flaw leading to remote code execution, tracked as CVE-2023-34362, which the Clop ransomware gang leveraged to breach thousands of organizations worldwide. Delta Dental of California learned about the compromise on June 1, 2023, and five days later, following an internal investigation, it confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May 30, 2023. The second, more lengthy investigation to determine the exact impact of the security incident was completed on November 27, 2023.

Based on this, the data breach has so far impacted 6,928,932 customers of Delta Dental of California, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed. Delta Dental of California provides 24 months of free credit monitoring and identity theft protection services to impacted patients to mitigate the risk of their exposed data. Details on enrolling in the program are enclosed in the personal notices.

The Courts

TikTok Requires Users To 'Forever Waive' Rights To Sue Over Past Harms (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Some TikTok users may have skipped reviewing an update to TikTok's terms of service this summer that shakes up the process for filing a legal dispute against the app. According to The New York Times, changes that TikTok "quietly" made to its terms suggest that the popular app has spent the back half of 2023 preparing for a wave of legal battles. In July, TikTok overhauled its rules for dispute resolution, pivoting from requiring private arbitration to insisting that legal complaints be filed in either the US District Court for the Central District of California or the Superior Court of the State of California, County of Los Angeles. Legal experts told the Times this could be a way for TikTok to dodge arbitration claims filed en masse that can cost companies millions more in fees than they expected to pay through individual arbitration.

Perhaps most significantly, TikTok also added a section to its terms that mandates that all legal complaints be filed within one year of any alleged harm caused by using the app. The terms now say that TikTok users "forever waive" rights to pursue any older claims. And unlike a prior version of TikTok's terms of service archived in May 2023, users do not seem to have any options to opt out of waiving their rights. Lawyers told the Times that these changes could make it more challenging for TikTok users to pursue legal action at a time when federal agencies are heavily scrutinizing the app and complaints about certain TikTok features allegedly harming kids are mounting.

Cellphones

Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules (arstechnica.com) 64

An anonymous reader quotes a report from Ars Technica: Criminal suspects can refuse to provide phone passcodes to police under the US Constitution's Fifth Amendment privilege against self-incrimination, according to a unanimous ruling issued (PDF) today by Utah's state Supreme Court. The questions addressed in the ruling could eventually be taken up by the US Supreme Court, whether through review of this case or a similar one. The case involves Alfonso Valdez, who was arrested for kidnapping and assaulting his ex-girlfriend. Police officers obtained a search warrant for the contents of Valdez's phone but couldn't crack his passcode.

Valdez refused to provide his passcode to a police detective. At his trial, the state "elicited testimony from the detective about Valdez's refusal to provide his passcode when asked," today's ruling said. "And during closing arguments, the State argued in rebuttal that Valdez's refusal and the resulting lack of evidence from his cell phone undermined the veracity of one of his defenses. The jury convicted Valdez." A court of appeals reversed the conviction, agreeing "with Valdez that he had a right under the Fifth Amendment to the United States Constitution to refuse to provide his passcode, and that the State violated that right when it used his refusal against him at trial." The Utah Supreme Court affirmed the court of appeals ruling.

The Valdez case does not involve an order to compel a suspect to unlock a device. Instead, "law enforcement asked Valdez to verbally provide his passcode," Utah justices wrote. "While these circumstances involve modern technology in a scenario that the Supreme Court has not yet addressed, we conclude that these facts present a more straightforward question that is answered by settled Fifth Amendment principles." Ruling against the state, the Utah Supreme Court said it "agree[s] with the court of appeals that verbally providing a cell phone passcode is a testimonial communication under the Fifth Amendment."

Privacy

Beeper Says Apple is Blocking Some iMessages (theverge.com) 111

After investigating reports that some users aren't getting iMessages on Beeper Mini and Beeper Cloud, Beeper says that Apple seems to be "deliberately blocking" iMessages from being delivered to about five percent of Beeper Mini users. From a report: The company says that uninstalling and reinstalling the app fixes the issue and that it's working on a broader fix.

Apple didn't immediately reply to a request for comment about Beeper's new claim, and it hasn't replied to my original request for comment, either. But given that the company has already blocked Beeper Mini before, it's not too surprising that it seems to be taking action against the app again.

Privacy

Google Maps Ditches Cloud-Based Location History (androidpolice.com) 48

Google Maps will soon give you the option to store your location data on your device instead of in the cloud. Android Police reports: In the coming year, Google is planning to switch things up by defaulting to saving your Timeline directly on your device instead of the cloud. You'll also have the option to wipe out bits or the whole information dossier whenever you want and disable location history completely. When you're jumping ship to a new device and want to keep your data close, you always have the option to back it up in the cloud. Google assures you that it'll lock it up with encryption.

Another significant update is the shorter default amount of time before your location history is auto-deleted. Soon, when you turn on location history, the default auto-delete time shrinks to three months. In the past, it used to hang around for 18 months by default. If you're the sentimental type, you can extend the Timeline's lifespan or turn off the auto-delete option. Google Maps has another nifty trick up its sleeve: soon, you can erase all traces of your trips with just a few taps. Say you've got a favorite hangout spot and you want to keep it to yourself. You can wipe the slate clean right from the app, whether it's searches, directions, visits, or shares. This handy feature is making its debut on Maps for Android and iOS in the next few weeks.

Finally, you will soon be able to click on the blue dot on the map to view your Location History and Timeline at a glance. It allows you to tweak what you share and store on Maps, all without having to dive into the settings. Currently, the blue dot only gives you some neat shortcuts for parking saves and location sharing.

EU

European Union Lawmakers Agree To New Rules That Bolster Gig Worker Rights (techcrunch.com) 43

An anonymous reader quotes a report from TechCrunch: Some two years of talking about gig worker rights later and European Union lawmakers have finally reached a deal on the final shape of the Platform Worker Directive. [...] The Commission presented its original plan to reform labor laws to boost protections for platform workers back in December 2021, setting out a presumption of employment for workers in a bid to flip the odds on gig economy exploitation. But the proposal proved contentious, with heavy industry lobbying from tech platforms such as Uber pushing for gig workers to be carved out of Europe's employment protections. There were also divisions between Member States over how much worker protection vs platform shielding they were prepared to commit to. But after a final trilogue, lasting more than 12 hours, a provisional agreement has been clinched.

The deal that's been provisionally agreed means a presumption of an employment relationship between a gig worker and a platform will be triggered when two out of a list of five "indicators of control or direction are present," as the parliament's press release puts it. "This list can be expanded by Member States. The presumption can be triggered by the worker, by their representatives, and by the competent authorities on their own initiative. This presumption can be rebutted if the platform proves that the contractual relationship is not an employment relationship," it adds. The agreement also contains transparency provisions that will require platforms to provide information to individuals performing platform work (and to their representatives) about how the algorithms that manage them work; and how their behavior affects decisions taken by automated systems. [...] The provisionally agreed new rules will also ban platforms from taking "certain important decisions," such as dismissals or decisions to suspend an account, without human oversight.

Per the parliament, the agreed text also ensures "more human oversight on the decisions of systems that directly affect the persons performing platform work"; and obliges platforms to "assess the impact of decisions taken or supported by automated monitoring and decision-making systems on working conditions, health and safety and fundamental rights". So conducting data protection impact assessments looks set to be a hard requirement for complying with the new law. Another prohibition that's been agreed is a ban on platforms from processing certain types of personal data of workers, including personal beliefs, private exchanges with colleagues, or when a worker is not at work -- with the Directive billed as beefing up data protection rights for platform workers.

Other provisions in the provisional deal include a requirement for platforms to share information on self-employed workers in their employ with competent national authorities and representatives of those performing platform work, such as trade unions. Measures to prevent platforms from circumventing the rules by using intermediaries have also been agreed -- a practice that's stepped up considerably in Spain since the country introduced its own labor reform, back in 2021, with the aim of forcing platforms to hire delivery workers. Some key details of exactly what's been agreed remain under wraps -- and full visibility and analysis of the ramifications will likely have to wait for a consolidated text to emerge in the coming weeks/months. [...] The final text still needs to be voted on by the Council and Parliament before it can be adopted as pan-EU law. What implementation period has been agreed also isn't yet clear. But today's political deal signals the train has now left the station.

Television

Your Smart TV Knows What You're Watching (themarkup.org) 164

An anonymous reader shares a report: If you bought a new smart TV during any of the holiday sales, there's likely to be an uninvited guest watching along with you. The most popular smart TVs sold today use automatic content recognition (ACR), a kind of ad surveillance technology that collects data on everything you view and sends it to a proprietary database to identify what you're watching and serve you highly targeted ads. The software is largely hidden from view, and it's complicated to opt out. Many consumers aren't aware of ACR, let alone that it's active on their shiny new TVs. If that's you, and you'd like to turn it off, we're going to show you how.

First, a quick primer on the tech: ACR identifies what's displayed on your television, including content served through a cable TV box, streaming service, or game console, by continuously grabbing screenshots and comparing them to a massive database of media and advertisements. Think of it as a Shazam-like service constantly running in the background while your TV is on.

These TVs can capture and identify 7,200 images per hour, or approximately two every second. The data is then used for content recommendations and ad targeting, which is a huge business; advertisers spent an estimated $18.6 billion on smart TV ads in 2022, according to market research firm eMarketer. For anyone who'd rather not have ACR looking over their shoulder while they watch, we've put together a guide to turning it off on three of the most popular smart TV software platforms in use last year. Depending on the platform, turning off ACR took us between 10 and 37 clicks.

IOS

Apple's New iPhone Security Setting Keeps Thieves Out of Your Digital Accounts (theverge.com) 19

According to the Wall Street Journal, Apple is including new Stolen Device Protection in iOS 17.3 that requires authentication through Face ID or Touch ID to perform certain actions. The Verge reports: The new feature appears to come in response to the concerns raised in previous reports by The Wall Street Journal describing how thieves watch their victims type in their iPhone passcodes and then steal their devices. This gives thieves access to a trove of personal and financial information stored on the device, allowing them to lock victims out of their iCloud accounts and spend thousands of dollars using saved payment information.

If you opt in to the feature, you would have to verify your identity with face or fingerprint biometrics when doing things like viewing your saved passwords in iCloud Keychain, applying for a new Apple Card, factory resetting your device, using saved payment methods in Safari, and turning off Lost Mode. This way, thieves wouldn't be able to steal your information even if they have your phone and the passcode.

For even more sensitive actions, like changing your Apple ID password, changing your iPhone passcode, or turning off Find My, the new Stolen Device Protection feature adds an additional hurdle if the device is somewhere other than locations you often frequent, like at home or in the office. It requires you to not only verify your identity with Face ID or Touch ID but also wait one hour and then repeat the authentication process again.

Earth

US Climate Bill 'Ignites New Zeal' Around the World for Government Climate Efforts (politico.com) 47

Politico reports that the climate bill passed in America in 2022 "has ignited a new zeal among leaders around the world for the kind of winner-picking, subsidy-flush governing that has been out of fashion in many countries for the past 40 years."

The bill's "mix of lavish support for clean energy technologies and efforts to box out foreign competitors is also promoting a kind of green patriotism — and even some politicians on the right, at least outside the U.S., say that's a climate message they can sell." [The bill] is having a real-world impact as investors shift their money to the U.S. from abroad, hungry to take advantage of the tax breaks. In July, for example, Swiss solar manufacturer Meyer Burger canned plans to build a factory in Germany, choosing Arizona instead. That has left political leaders across the world with a choice: Grinch and grumble about the United States' sudden clean industry favoritism, or follow suit... Even the United States' favorite pals on the global stage have felt rattled by the sudden diversion from decades of free trading. But in the U.K., European Union and Australia, many leaders are now working on their own versions.
Some examples of upcoming climate actions:

- Australia's Labor party "has budgeted $1.3 billion in spending this year on green hydrogen projects and around $660 million on moving the economy toward electricity rather than fossil fuels."

- The EU will "start operating a border tariff on high-carbon products in 2026, which seeks to keep hold of its heavy industries even as they pay an increasingly punitive price for polluting to the EU Emissions Trading System."

- The UK Labour party plans messaging "that casts the green energy transition as a national mission which can create jobs in former industrial communities."

- In the U.S. the White House says its bill will spur closer to $700 billion — or even $1 trillion — in green incentives over 10 years. "As the White House sees it, the jump means the tax credits for priorities such as homegrown clean power and electric vehicles have proven more popular than initially anticipated."


Taken together, all the bills "reflect the urgency of the problem," Politico argues, "by aiming to transform the economy at a pace the market can't deliver on its own." "We are in the middle of a climate crisis because firms couldn't do the job of decarbonizing," said Todd Tucker, director of industrial policy and trade at the progressive think tank Roosevelt Institute. "The climate crisis is the world's biggest market failure ever and it's going to take really strong public investment."
United States

US Expects To Make Multi-Billion Chips Awards Within the Next Year (reuters.com) 13

David Shepardson reports via Reuters: U.S. Commerce Secretary Gina Raimondo said she expects to make around a dozen semiconductor chips funding awards within the next year, including multi-billion dollar announcements that could drastically reshape U.S. chip production. She announced the first award on Monday -- $35 million to a BAE Systems facility in Hampshire to produce chips for fighter planes from the "Chips for America" semiconductor manufacturing and research subsidy program approved by Congress in August 2022.

"Next year we'll get into some of the bigger ones with leading-edge fabs," Raimondo told reporters. "A year from now I think we will have made 10 or 12 similar announcements, some of them multi-billion dollar announcements." In an interview with Reuters, Raimondo said that the number of awards could go higher than 12. She said she wants the percentage of semiconductors produced in the United States to rise from about 12% to closer to 20% -- though that is still down from 40% in 1990 -- and to have at least two "leading-edge" U.S. manufacturing clusters. In addition, she wants the U.S. to have cutting-edge memory and packaging production and to "meet the military's needs for current and mature" chips. Raimondo noted that the U.S. currently does not have any cutting-edge manufacturing production and wants to get that to about 10%.

Crime

Cloud Engineer Gets 2 Years For Wiping Ex-Employer's Code Repos (bleepingcomputer.com) 121

Bill Toulas reports via BleepingComputer: Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company. According to the U.S. Department of Justice (DoJ) announcement, Brody was fired on March 11, 2020, from First Republic Bank (FRB) in San Francisco, where he worked as a cloud engineer. The court documents state that Brody's employment was terminated after he violated company policies by connecting a USB drive containing pornography to company computers.

Following his dismissal, Brody allegedly refused to return his work laptop and instead used his still-valid account to access the bank's computer network and cause damages estimated to be above $220,000. "Among other things, Brody deleted the bank's code repositories, ran a malicious script to delete logs, left taunts within the bank's code for former colleagues, and impersonated other bank employees by opening sessions in their names," describes the U.S. DOJ announcement. "He also emailed himself proprietary bank code that he had worked on as an employee, which was valued at over $5,000."

After the incident, Brody falsely reported to the San Francisco Police Department that the FRB-issued laptop had been stolen from his car. He continued to uphold this story when interviewed by United States Secret Service agents following his arrest in March 2021. Eventually, in April 2023, Brody pleaded guilty to lying about the laptop and to two charges concerning violation of the Computer Fraud and Abuse Act. In addition to the two-year prison term and the payment of the restitution, Brody will serve three years of supervised release.

Piracy

Italy's 'Piracy Shield' Anti-Piracy System Launches, Applies To All DNS and VPN Providers (torrentfreak.com) 39

An anonymous reader quotes a report from TorrentFreak: A document detailing technical requirements of Italy's Piracy Shield anti-piracy system confirms that ISPs are not alone in being required to block pirate IPTV services. All VPN and open DNS services must also comply with blocking orders, including through accreditation to the Piracy Shield platform. [...] Italy's Piracy Shield anti-piracy system reportedly launched last week, albeit in limited fashion. Whether the platform had any impact on pirate IPTV providers offering the big game last Friday is unclear but plans supporting a full-on assault are pressing ahead.

When lawmakers gave Italy's new blocking regime the green light during the summer, the text made it clear that blocking instructions would not be limited to regular ISPs. The document issued by AGCOM [...] specifically highlights that VPN and DNS providers are no exception. "[A]ll parties in any capacity involved in the accessibility of illegally disseminated content -- and therefore also, by way of example and not limitation -- VPN and open DNS service providers, will have to execute the blocks requested by the Authority [AGCOM] including through accreditation to the Piracy Shield platform or otherwise implementing measures that prevent the user from reaching that content," the notice reads. [...]

The relevant section of the new law is in some ways even more broad when it comes to search engines such as Google. Whether they are directly involved in accessibility or not, they're still required to take action. AGCOM suggests that Google understands its obligations and is also prepared to take things further. The company says it will deindex offending platforms from search and also remove their ability to advertise. "Since this is a dynamic blocking, the search engine therefore undertakes to perform de-indexing of all websites/telematic addresses that are the subject of subsequent reports that can also be communicated by rights holders accredited to the platform," AGCOM writes. "Google has shared a procedural mode for the communication of the blocking list, and the Company has also committed to the timely removal of all advertisements that do not comply with the company's policies, having particular regard to those that invest the promotion of pirate sites referring to protected sporting events."

Microsoft

FTC Wants Microsoft's Relationship With OpenAI Under the Microscope (theregister.com) 13

The FTC is considering an investigation into Microsoft's investment in OpenAI to determine if the company broke any antitrust laws. The Register reports: Despite the money poured into it over the years, OpenAI was founded as a non-profit in 2015, and Microsoft's investment does not amount to control of the company. Microsoft chief communications officer Frank X Shaw underlined attempts to dampen down industry talk of a probe: "While details of our agreement remain confidential, it is important to note that Microsoft does not own any portion of OpenAI and is simply entitled to a share of profit distributions."

At the end of last week, the UK's Competition and Markets Authority (CMA) launched a consultation to ask interested parties to comment on Microsoft's relationship with the ChatGPT developer, and if it could be construed as a merger that potentially skews competition. If so, the CMA will itself launch an official inspection.

AI

MIT Group Releases White Papers On Governance of AI (mit.edu) 46

An anonymous reader quotes a report from MIT News: Providing a resource for U.S. policymakers, a committee of MIT leaders and scholars has released a set of policy briefs that outlines a framework for the governance of artificial intelligence. The approach includes extending current regulatory and liability approaches in pursuit of a practical way to oversee AI. The aim of the papers is to help enhance U.S. leadership in the area of artificial intelligence broadly, while limiting harm that could result from the new technologies and encouraging exploration of how AI deployment could be beneficial to society.

The main policy paper, "A Framework for U.S. AI Governance: Creating a Safe and Thriving AI Sector," suggests AI tools can often be regulated by existing U.S. government entities that already oversee the relevant domains. The recommendations also underscore the importance of identifying the purpose of AI tools, which would enable regulations to fit those applications. "As a country we're already regulating a lot of relatively high-risk things and providing governance there," says Dan Huttenlocher, dean of the MIT Schwarzman College of Computing, who helped steer the project, which stemmed from the work of an ad hoc MIT committee. "We're not saying that's sufficient, but let's start with things where human activity is already being regulated, and which society, over time, has decided are high risk. Looking at AI that way is the practical approach." [...]

"The framework we put together gives a concrete way of thinking about these things," says Asu Ozdaglar, the deputy dean of academics in the MIT Schwarzman College of Computing and head of MIT's Department of Electrical Engineering and Computer Science (EECS), who also helped oversee the effort. The project includes multiple additional policy papers and comes amid heightened interest in AI over the last year as well as considerable new industry investment in the field. The European Union is currently trying to finalize AI regulations using its own approach, one that assigns broad levels of risk to certain types of applications. In that process, general-purpose AI technologies such as language models have become a new sticking point. Any governance effort faces the challenges of regulating both general and specific AI tools, as well as an array of potential problems including misinformation, deepfakes, surveillance, and more.

These are the key policies and approaches mentioned in the white papers:

Extension of Current Regulatory and Liability Approaches: The framework proposes extending current regulatory and liability approaches to cover AI. It suggests leveraging existing U.S. government entities that oversee relevant domains for regulating AI tools. This is seen as a practical approach, starting with areas where human activity is already being regulated and deemed high risk.

Identification of Purpose and Intent of AI Tools: The framework emphasizes the importance of AI providers defining the purpose and intent of AI applications in advance. This identification process would enable the application of relevant regulations based on the specific purpose of AI tools.

Responsibility and Accountability: The policy brief underscores the responsibility of AI providers to clearly define the purpose and intent of their tools. It also suggests establishing guardrails to prevent misuse and determining the extent of accountability for specific problems. The framework aims to identify situations where end users could reasonably be held responsible for the consequences of misusing AI tools.

Advances in Auditing of AI Tools: The policy brief calls for advances in auditing new AI tools, whether initiated by the government, user-driven, or arising from legal liability proceedings. Public standards for auditing are recommended, potentially established by a nonprofit entity or a federal entity similar to the National Institute of Standards and Technology (NIST).

Consideration of a Self-Regulatory Organization (SRO): The framework suggests considering the creation of a new, government-approved "self-regulatory organization" (SRO) agency for AI. This SRO, similar to FINRA for the financial industry, could accumulate domain-specific knowledge, ensuring responsiveness and flexibility in engaging with a rapidly changing AI industry.

Encouragement of Research for Societal Benefit: The policy papers highlight the importance of encouraging research on how to make AI beneficial to society. For instance, there is a focus on exploring the possibility of AI augmenting and aiding workers rather than replacing them, leading to long-term economic growth distributed throughout society.

Addressing Legal Issues Specific to AI: The framework acknowledges the need to address specific legal matters related to AI, including copyright and intellectual property issues. Special consideration is also mentioned for "human plus" legal issues, where AI capabilities go beyond human capacities, such as mass surveillance tools.

Broadening Perspectives in Policymaking: The ad hoc committee emphasizes the need for a broad range of disciplinary perspectives in policymaking, advocating for academic institutions to play a role in addressing the interplay between technology and society. The goal is to govern AI effectively by considering both technical and social systems.

The Courts

Google's App Store Ruled an Illegal Monopoly, as a Jury Sides With Epic Games (wired.com) 103

A jury in San Francisco unanimously found (PDF) that Google violated California and federal antitrust laws through deals that stifled competition for its mobile app store. "The verdict delivers the first significant US courtroom loss for big tech in the years-long campaign by rivals, regulators, and prosecutors to tame the power of internet gatekeepers," reports Wired. From the report: The lawsuit next moves to a remedies phase, meaning a judge as soon as the coming weeks will hear arguments about and decide whether to order changes to Google's business practices. Users of devices powered by Google's Android operating system could find more app options to choose from, at lower prices, if Google is forced to allow downloads of rival app stores from Play or share a greater portion of sales with developers selling digital items inside their apps.

The ruling came in a case first filed in 2020 by Epic Games, known for its blockbuster game Fortnite and tools for developers, and argued before a jury since early November. The jury of nine -- a 10th juror dropped out early in the trial -- deliberated for three hours before reaching its verdict. They faced 11 questions such as defining product and geographic markets and whether Google engaged in anticompetitive conduct in those areas. Epic had accused Google of restricting smartphone makers, wireless carriers, and app developers from providing any competition to the Play store, which accounts for over 95 percent of all downloads onto Android phones in the US. Google had denied any wrongdoing, saying that its sole aim was to provide a safe and attractive experience to users, especially as it faced competition from Apple, its iPhone, and its App Store.

Security

US Healthcare Giant Norton Says Hackers Stole Millions of Patients' Data During Ransomware Attack (techcrunch.com) 27

An anonymous reader quotes a report from TechCrunch: Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city's third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 total providers on its medical staff, according to its website. In a filing with Maine's attorney general on Friday, Norton said that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during its May ransomware attack.

In a letter sent to those affected, the nonprofit said that hackers had access to "certain network storage devices between May 7 and May 9," but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system. But Norton admitted that following a "time-consuming" internal investigation, which the organization completed in November, Norton found that hackers accessed a "wide range of sensitive information," including names, dates of birth, Social Security numbers, health and insurance information and medical identification numbers. Norton Healthcare says that, for some individuals, the exposed data may have also included financial account numbers, driver licenses or other government ID numbers, as well as digital signatures. It's not known if any of the accessed data was encrypted.

Norton says it notified law enforcement about the attack and confirmed it did not pay any ransom payment. The organization did not name the hackers responsible for the cyberattack, but the incident was claimed by the notorious ALPHV/BlackCat ransomware gang in May, according to data breach news site DataBreaches.net, which reported that the group claimed it exfiltrated almost five terabytes of data. TechCrunch could not confirm this, as the ALPHV website was inaccessible at the time of writing.
