Security

US Healthcare Giant Norton Says Hackers Stole Millions of Patients' Data During Ransomware Attack (techcrunch.com) 27

An anonymous reader quotes a report from TechCrunch: Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city's third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 total providers on its medical staff, according to its website. In a filing with Maine's attorney general on Friday, Norton said that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during its May ransomware attack.

In a letter sent to those affected, the nonprofit said that hackers had access to "certain network storage devices between May 7 and May 9," but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system. But Norton admitted that following a "time-consuming" internal investigation, which the organization completed in November, Norton found that hackers accessed a "wide range of sensitive information," including names, dates of birth, Social Security numbers, health and insurance information and medical identification numbers. Norton Healthcare says that, for some individuals, the exposed data may have also included financial account numbers, driver licenses or other government ID numbers, as well as digital signatures. It's not known if any of the accessed data was encrypted.

Norton says it notified law enforcement about the attack and confirmed it did not pay any ransom. The organization did not name the hackers responsible for the cyberattack, but the incident was claimed by the notorious ALPHV/BlackCat ransomware gang in May, according to data breach news site DataBreaches.net, which reported that the group claimed it exfiltrated almost five terabytes of data. TechCrunch could not confirm this, as the ALPHV website was inaccessible at the time of writing.

Privacy

Ex-Commissioner For Facial Recognition Tech Joins Facewatch Firm He Approved (theguardian.com) 12

The recently departed watchdog in charge of monitoring facial recognition technology in the UK has joined the private firm he controversially approved, paving the way for the mass roll-out of biometric surveillance cameras in high streets across the country. From a report: In a move critics have dubbed an "outrageous conflict of interest," Professor Fraser Sampson, former biometrics and surveillance camera commissioner, has joined Facewatch as a non-executive director. Sampson left his watchdog role on 31 October, with Companies House records showing he was registered as a company director at Facewatch the following day, 1 November.

Campaigners claim this might mean he was negotiating his Facewatch contract while in post, and have urged the advisory committee on business appointments to investigate if it may have "compromised his work in public office." It is understood that the committee is currently considering the issue. Facewatch uses biometric cameras to check faces against a watch list and, despite widespread concern over the technology, has received backing from the Home Office, and has already been introduced in hundreds of high-street shops and supermarkets.

Government

US Diet Committee Debates Whether Potatoes are Vegetables or 'Starchy Grain' (msn.com) 129

Every five years America's federal Department of Health updates its dietary guidelines with the latest nutrition science, affecting federal nutrition programs and various other government health initiatives.

Now an anonymous reader shared this report from the Wall Street Journal: Botanists count potatoes as a vegetable. But should Americans? The U.S. Dietary Guidelines Advisory Committee has sparked the question... White potatoes, which come in various colors, are classified as "starchy vegetables." But the committee could uproot potatoes from the vegetable bin and toss them in with a broader category of rice, other grains and carbohydrates as the Departments of Agriculture and Health and Human Services weigh updates to national diet guidelines for 2025.

The scientific debate isn't easy to follow. But it sounds like a half-baked idea to Kam Quarles, chief executive of the National Potato Council, a potato-industry group. The dietary guidelines shape nutrition advice to Americans, as well as what foods are served in school cafeterias. Potatoes, according to Quarles, should be respected as a gateway vegetable. "Kids are far more likely to eat" dishes with other vegetables if potatoes are involved, he said.

Not all parents swallow that a trail of tubers leads to leafy greens. Some complained about a Peppa Pig animated cartoon that featured a potato preaching the nutritional value of vegetables. "By the power of vegetables, I am here," Super Potato said, soaring through the sky, singing, "Fruit and vegetables keep us alive. Always remember to eat your five." The U.K.'s National Health Service, for one, doesn't count spuds toward the U.K.'s recommended five portions of fruits and vegetables a day. "It's a giant spud singing it. You're, like, 'Really? A potato's one of your five a day?'" said Dan Greef, the owner of Deliciously Guilt Free, a sugar-free bakery in Cambridge, U.K. He spent years persuading his two children to eat vegetables. Then, he said, "a drawing of a potato tells you it's fine, and you don't listen to your dad...."

Nutrition researchers say the potato contains helpful nutrients, including potassium and vitamin C, but its health benefits are diminished when it is fried. Nearly half of all U.S. potatoes eaten as food go into frozen products, mostly french fries, the USDA found.

For comparison, the article points out that under U.S. dietary guidelines, "corn on the cob is a starchy vegetable, while cornmeal is a grain."

Privacy

Republican Presidential Candidates Debate Anonymity on Social Media (cnbc.com) 174

Four Republican candidates for U.S. president debated Wednesday — and moderator Megyn Kelly had a tough question for former South Carolina governor Nikki Haley. "Can you please speak to the requirement that you said that every anonymous internet user needs to out themselves?" Nikki Haley: What I said was, that social media companies need to show us their algorithms. I also said there are millions of bots on social media right now. They're foreign, they're Chinese, they're Iranian. I will always fight for freedom of speech for Americans; we do not need freedom of speech for Russians and Iranians and Hamas. We need social media companies to go and fight back on all of these bots that are happening. That's what I said.

As a mom, do I think social media would be more civil if we went and had people's names next to that? Yes, I do think that, because I think we've got too much cyberbullying, I think we've got child pornography and all of those things. But having said that, I never said government should go and require anyone's name.

DeSantis: That's false.

Haley: What I said —

DeSantis: You said I want your name. As president of the United States, her first day in office, she said one of the first things I'm going to do --

Haley: I said we were going to get the millions of bots.

DeSantis: "All social medias? I want your name." A government i.d. to dox every American. That's what she said. You can roll the tape. She said I want your name — and that was going to be one of the first things she did in office. And then she got real serious blowback — and understandably so, because it would be a massive expansion of government. We have anonymous speech. The Federalist Papers were written with anonymous writers — Jay, Madison, and Hamilton, they went under "Publius". It's something that's important — and especially given how conservatives have been attacked and they've lost jobs and they've been cancelled. You know the regime would use that to weaponize that against our own people. It was a bad idea, and she should own up to it.

Haley: This cracks me up, because Ron is so hypocritical, because he actually went and tried to push a law that would stop anonymous people from talking to the press, and went so far to say bloggers should have to register with the state --

DeSantis: That's not true.

Haley: — if they're going to write about elected officials. It was in the — check your newspaper. It was absolutely there.

DeSantis quickly attributed the introduction of that legislation to "some legislator".

The press had already extensively written about Haley's position on anonymity on social media. Three weeks ago Business Insider covered a Fox News interview, and quoted Nikki Haley as saying: "When I get into office, the first thing we have to do, social media companies, they have to show America their algorithms. Let us see why they're pushing what they're pushing. The second thing is every person on social media should be verified by their name." Haley said this was why her proposals would be necessary to counter the "national security threat" posed by anonymous social media accounts and social media bots. "When you do that, all of a sudden people have to stand by what they say, and it gets rid of the Russian bots, the Iranian bots, and the Chinese bots," Haley said. "And then you're gonna get some civility when people know their name is next to what they say, and they know their pastor and their family member's gonna see it. It's gonna help our kids and it's gonna help our country," she continued... A representative for the Haley campaign told Business Insider that Haley's proposals were "common sense."

"We all know that America's enemies use anonymous bots to spread anti-American lies and sow chaos and division within our borders. Nikki believes social media companies need to do a better job of verifying users so we can crack down on Chinese, Iranian, and Russian bots," the representative said.

The next day CNBC reported that Haley "appeared to add a caveat... suggesting Wednesday that Americans should still be allowed to post anonymously online." A spokesperson for Haley's campaign added, "Social media companies need to do a better job of verifying users as human in order to crack down on anonymous foreign bots. We can do this while protecting America's right to free speech and Americans who post anonymously."

Privacy issues had also come up just five minutes earlier in the debate. In March America's Treasury Secretary had recommended the country "advance policy and technical work on a potential central bank digital currency, or CBDC, so the U.S. is prepared if CBDC is determined to be in the national interest."

But Florida governor Ron DeSantis spoke out forcefully against the possibility. "They want to get rid of cash, crypto, they want to force you to do that. They'll take away your privacy. They will absolutely regulate your purchases. On Day One as president, we take the idea of Central Bank Digital Currency, and we throw it in the trash can. It'll be dead on arrival." [The audience applauded.]

Businesses

US Postal Service Warns Rural Mail Carriers: Don't Publicly Blame Delays on Amazon (msn.com) 119

15,279 people live in the rural Minnesota town of Bemidji. But now mail carriers there, "overwhelmed by Amazon packages, say they've been warned not to use the word 'Amazon,' including when customers ask why the mail is delayed," reports the Washington Post: "We are not to mention the word 'Amazon' to anyone," said a mail carrier who spoke on the condition of anonymity to protect their job. "If asked, they're to be referred to as 'Delivery Partners' or 'Distributors,'" said a second carrier. "It's ridiculous." The directive, passed down Monday morning from U.S. Postal Service management, comes three weeks after mail carriers in the northern Minnesota town staged a symbolic strike outside the post office, protesting the heavy workloads and long hours caused by the sudden arrival of thousands of Amazon packages...

In addition to being banned from saying "Amazon," postal workers have also been told their jobs could be at risk if they speak publicly about post office issues. Staffers were told they could attend Tuesday's meeting only on their 30-minute lunch break if they changed out of uniform, mail carriers said. One mail carrier said he'd been warned there could be "consequences" for those who showed up.

Postal customers in Bemidji have been complaining about late and missing mail since the beginning of November, when the contract for delivering Amazon packages in town switched from UPS to the post office. Mail carriers told The Post last month that they were instructed to deliver packages before the mail, leaving residents waiting for tax rebates, credit card statements, medical documents and checks...

The post office has held a contract to deliver Amazon packages on Sundays since 2013. The agency, which has lost $6.5 billion in the past year, has said that it's crucial to increase package volume by cutting deals with Amazon and other retailers.

Tuesday the town's mayor held a listening session for the state's two senators with Bemidji residents, whose complaints included "missing medications and late bills resulting in fees." Senator Amy Klobuchar later told the Post that "We need a very clear commitment that we're not going to be prioritizing Amazon packages over regular mail," promising to explore improving postal staffing and pay for rural carriers. On Monday, the Minnesota senators introduced a bill called the Postal Delivery Accountability Act, which would require the post office to improve tracking and reporting of delayed and undelivered mail nationally.

Patents

White House Threatens Patents of High-Priced Drugs (apnews.com) 151

The Biden administration is threatening to cancel the patents of some costly medications to allow rivals to make their own more affordable versions. The Associated Press reports: Under a plan announced Thursday, the government would consider overriding the patent for high-priced drugs that have been developed with the help of taxpayer money and letting competitors make them in hopes of driving down the cost. In a 15-second video released to YouTube on Wednesday night, President Joe Biden promised the move would lower prices. "Today, we're taking a very important step toward ending price gouging so you don't have to pay more for the medicine you need," he said.

White House officials would not name drugs that might potentially be targeted. The government would consider seizing a patent if a drug is only available to a "narrow set of consumers," according to the proposal that will be open to public comment for 60 days. Drugmakers are almost certain to challenge the plan in court if it is enacted. [...] The White House also intends to focus more closely on private equity firms that purchase hospitals and health systems, then often whittle them down and sell quickly for a profit. The departments of Justice and Health and Human Services, and the Federal Trade Commission will work to share more data about health system ownership.

While only a minority of drugs on the market relied so heavily on taxpayer dollars, the threat of a government "march-in" on patents will make many pharmaceutical companies think twice, said Jing Luo, a professor of medicine at University of Pittsburgh. "If I was a drug company that was trying to license a product that had benefited heavily from taxpayer money, I'd be very careful about how to price that product," Luo said. "I wouldn't want anyone to take my product away from me."

EU

Europe Reaches a Deal On the World's First Comprehensive AI Rules (apnews.com) 36

An anonymous reader quotes a report from the Associated Press: European Union negotiators clinched a deal Friday on the world's first comprehensive artificial intelligence rules, paving the way for legal oversight of technology used in popular generative AI services like ChatGPT that has promised to transform everyday life and spurred warnings of existential dangers to humanity. Negotiators from the European Parliament and the bloc's 27 member countries overcame big differences on controversial points including generative AI and police use of facial recognition surveillance to sign a tentative political agreement for the Artificial Intelligence Act.

"Deal!" tweeted European Commissioner Thierry Breton, just before midnight. "The EU becomes the very first continent to set clear rules for the use of AI." The result came after marathon closed-door talks this week, with one session lasting 22 hours before a second round kicked off Friday morning. Officials provided scant details on what exactly will make it into the eventual law, which wouldn't take effect until 2025 at the earliest. They were under the gun to secure a political victory for the flagship legislation but were expected to leave the door open to further talks to work out the fine print, likely to bring more backroom lobbying.

The AI Act was originally designed to mitigate the dangers from specific AI functions based on their level of risk, from low to unacceptable. But lawmakers pushed to expand it to foundation models, the advanced systems that underpin general purpose AI services like ChatGPT and Google's Bard chatbot. Foundation models looked set to be one of the biggest sticking points for Europe. However, negotiators managed to reach a tentative compromise early in the talks, despite opposition led by France, which called instead for self-regulation to help homegrown European generative AI companies competing with big U.S. rivals including OpenAI's backer Microsoft. [...] Under the deal, the most advanced foundation models that pose the biggest "systemic risks" will get extra scrutiny, including requirements to disclose more information such as how much computing power was used to train the systems.

Privacy

Verizon Gave Phone Data To Armed Stalker Who Posed As Cop Over Email (404media.co) 27

Slash_Account_Dot writes: The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon into handing over phone data belonging to a specific person that the suspect met on the dating section of porn site xHamster, according to a newly unsealed court record. Despite the relatively unconvincing cover story concocted by the suspect, including the use of a clearly non-government ProtonMail email address, Verizon handed over the victim's data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife, according to the record.

The news is a massive failure by Verizon who did not verify that the data request was fraudulent, and the company potentially put someone's safety at risk. The news also highlights the now common use of fraudulent emergency data requests (EDRs) or search warrants in the digital underworld, where criminals pretend to be law enforcement officers, fabricate an urgent scenario such as a kidnapping, and then convince telecoms or tech companies to hand over data that should only be accessible through legitimate law enforcement requests. As 404 Media previously reported, some hackers are using compromised government email accounts for this purpose.

The Courts

FTC Tries Again To Stop Microsoft's Already-Closed Deal For Activision (reuters.com) 37

U.S. antitrust regulators told a federal appeals court Wednesday that a federal judge got it wrong when she allowed Microsoft's $69 billion purchase of Activision to close. Reuters reports: Speaking for the Federal Trade Commission, lawyer Imad Abyad argued that the lower-court judge held the agency to too high a standard, effectively requiring it to prove that the deal was anticompetitive. He told a three-judge appeals court panel in California that the FTC had only to show that Microsoft had the ability and incentive to withhold Activision's games from rival game platforms to prove the agency's case. He said the FTC "showed that in the past that's what Microsoft did," referring to allegations that Microsoft made some Zenimax games exclusive after buying that company.

Speaking for Microsoft, lawyer Rakesh Kilaru called the FTC case "weak" and said that the agency had asked the lower-court judge for too much leeway. "It is also clear that the standard can't be as low as the FTC is suggesting," he said. "It can't be kind of a mere scintilla of evidence." He argued that the agency failed to show that Microsoft had an incentive to withhold "Call of Duty" from rival gaming platforms. The judges actively questioned both attorneys, with Judge Daniel Collins pressing the FTC's attorney on how concessions that Microsoft gave British antitrust enforcers affect the U.S. market. He also appeared to take issue with Abyad's assertions that more analysis of the deal was necessary, especially since Microsoft had struck agreements with rivals recently, including one with Sony this past summer. "This was not a rush job on the part of the FTC," he said.

Two antitrust scholars who listened to the arguments said the FTC faced a tough slog to prevail. A finding of "clear error" by a lower court judge is "really stark," said Alden Abbott, a former FTC general counsel, comparing it to the idea that a court ignored key evidence from a witness. Abbott said the appeals court noted that the trial judge had considered "a huge amount of record evidence."

The Courts

A Massive Repair Lawsuit Against John Deere Clears a Major Hurdle (404media.co) 39

Jason Koebler reports via 404 Media: A judge rejected John Deere's motion to dismiss a landmark class action lawsuit over the agricultural giant's repair monopolies, paving the way for a trial that will determine whether the company's repair practices are illegal. The case will specifically examine whether Deere has engaged in a "conspiracy" in which Deere and its dealerships have driven up the cost of repair while preventing independent and self-repair of tractors that farmers own.

In a forceful, 89-page memorandum, U.S. District Court Judge Iain Johnson wrote that the founder of John Deere "was an innovative farmer and blacksmith who -- with his own hands -- fundamentally changed the agricultural industry." Deere the man "would be deeply disappointed in his namesake corporation" if the plaintiffs can ultimately prove their antitrust allegations against Deere the company, which are voluminous and well-documented. Reuters first reported on Johnson's memo.

At issue are the many tactics Deere has used to make it more difficult and often impossible for farmers to repair their own tractors, including software locks and "parts pairing" that prevent farmers from replacing parts without the authorization of a Deere dealership. "Only Deere and Dealer authorized technicians have access to the Repair Tools, and Deere withholds these resources from farmers and independent repair shops," Johnson wrote.

EU

EU Mulls Expansion of Geo-Blocking 'Bans' To Video Streaming Platforms (torrentfreak.com) 44

One of the suggestions in a recent report (PDF) from the European Parliament's Committee on Internal Market and Consumer Protection is to expand geo-blocking restrictions to the audiovisual sector, including streaming platforms. This has spooked some stakeholders who warn that a ban on geo-blocking would put the entire industry at risk. TorrentFreak reports: The report recommends that the EU Commission launch a comprehensive review of the current geo-blocking regulation and have it completed by 2025. It also carries several suggestions for improvement and expansion of the current rules. "The data presented in the report suggest that the effects of such an [geo-blocking] extension would vary by type of content, depending on the level of consumer demand and on the availability of content across the EU," the report's summary reads. "As regards an extension to audio-visual content, it highlights potential benefits for consumers, notably in the availability of a wider choice of content across borders. The report also identifies the potential impact that such an extension of the scope would have on the overall dynamics of the audio-visual sector, but concludes that it needs to be further assessed."

The proposals don't include the abolishment of all territorial licenses in the EU, and they're mindful of the potential impact on the industry. Nevertheless, some industry insiders are spooked; the Creativity Works! coalition (CW), for example, which counts the MPA, ACT, and the Premier League among its members. According to CW, geo-blocking technology is crucial to the creative and cultural industries in Europe. "Geo-blocking is one of the foundations for Europe's creative and cultural sectors, providing Europeans with the means to create, produce, showcase, publish, distribute and finance diverse, high-quality and affordable content," they write.

Banning geo-blocking altogether would be a disaster that puts millions of jobs and hundreds of billions of euros in revenue at risk, CW warns. At the same time, it may result in more expensive subscriptions for many consumers. "Ending geo-blocking's exclusive territorial licensing would threaten 10,000 European cinemas, access to over 8,500 European VOD films and up to half of European film budgets," CW writes. "What's more, over 100 million European fans could pay more to view the same sports coverage, while major digital streaming platforms might be forced to introduce sharp hikes for consumers in many European countries." Understandably, the movie industry is concerned about legislation that upsets the status quo. However, the IMCO report doesn't recommend a wholesale ban on territorial licenses but aims to ensure that content is available in regions where it currently isn't. At this stage, nothing is set in stone, so proposals could change. However, the present recommendations appear to seek a balance between the interests of the entertainment industry and the public at large.

Bug

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack (arstechnica.com) 69

"Researchers have identified a large number of bugs to do with the processing of images at boot time," writes longtime Slashdot reader jd. "This allows malicious code to be installed undetectably (since the image doesn't have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack." Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year's worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. "Once arbitrary code execution is achieved during the DXE phase, it's game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started." From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device -- a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June -- runs standard firmware defenses, including Secure Boot and Intel Boot Guard.

LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.

"A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo," reports Ars. "People who want to know if a specific device is vulnerable should check with the manufacturer."

"The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday's coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It's also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs."

Google

Governments Spying on Apple, Google Users Through Push Notifications (reuters.com) 33

Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. From a report: In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones. Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. [...] That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said.

He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying. In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

AI

AI Models May Enable a New Era of Mass Spying, Says Bruce Schneier (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering barriers to spying activities that currently require human labor. In the piece, Schneier notes that the existing landscape of electronic surveillance has already transformed the modern era, becoming the business model of the Internet, where our digital footprints are constantly tracked and analyzed for commercial reasons.

Spying, by contrast, can take that kind of economically inspired monitoring to a completely new level: "Spying and surveillance are different but related things," Schneier writes. "If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did." Schneier says that current spying methods, like phone tapping or physical surveillance, are labor-intensive, but the advent of AI significantly reduces this constraint. Generative AI systems are increasingly adept at summarizing lengthy conversations and sifting through massive datasets to organize and extract relevant information. This capability, he argues, will not only make spying more accessible but also more comprehensive. "This spying is not limited to conversations on our phones or computers," Schneier writes. "Just as cameras everywhere fueled mass surveillance, microphones everywhere will fuel mass spying. Siri and Alexa and 'Hey, Google' are already always listening; the conversations just aren't being saved yet." [...]

In his editorial, Schneier raises concerns about the chilling effect that mass spying could have on society, cautioning that the knowledge of being under constant surveillance may lead individuals to alter their behavior, engage in self-censorship, and conform to perceived norms, ultimately stifling free expression and personal privacy. So what can people do about it? Anyone seeking protection from this type of mass spying will likely need to look toward government regulation to keep it in check since commercial pressures often trump technological safety and ethics. [...] Schneier isn't optimistic on that front, however, closing with the line, "We could prohibit mass spying. We could pass strong data-privacy rules. But we haven't done anything to limit mass surveillance. Why would spying be any different?" It's a thought-provoking piece, and you can read the entire thing on Slate.

Privacy

Amazon 'Cannot Claim Shock' That Bathroom Spycams Were Used as Advertised, Judge Says 136

An anonymous reader shares a report: After a spy camera designed to look like a towel hook was purchased on Amazon and illegally used for months to capture photos of a minor in her private bathroom, Amazon was sued. The plaintiff -- a former Brazilian foreign exchange student then living in West Virginia -- argued that Amazon had inspected the camera three times and its safety team had failed to prevent allegedly severe, foreseeable harms still affecting her today.

Amazon hoped the court would dismiss the suit, arguing that the platform wasn't responsible for the alleged criminal conduct harming the minor. But after nearly eight months deliberating, a judge recently largely denied the tech giant's motion to dismiss. Amazon's biggest problem persuading the judge was seemingly the product descriptions that the platform approved. An amended complaint included a photo from Amazon's product listing that showed bathroom towels hanging on hooks that disguised the hidden camera. Text on that product image promoted the spycams, boasting that they "won't attract attention" because each hook appears to be "a very ordinary hook."

Because "Amazon approved product descriptions suggesting consumers use" the spycam "to record private moments in a bathroom," US district judge Robert Chambers wrote, "Amazon cannot claim shock when a consumer does just that." "These allegations raise a reasonable inference Amazon sold a camera knowing it would be used to record a third party in a bathroom without their consent," Chambers wrote.

Crime

YouTuber Who Deliberately Crashed Plane For Views Is Headed To Federal Prison (yahoo.com) 122

Trevor Jacob, a daredevil YouTuber who deliberately crashed a plane for views in a moneymaking scheme, has been sentenced to six months in federal prison. Jacob posted a video of himself in 2021 parachuting out of a plane that he claimed had malfunctioned. In reality, the aircraft was purposely abandoned and crashed into the Los Padres National Forest in Southern California. From a report: Jacob pleaded guilty to one felony count of destruction and concealment with the intent to obstruct a federal investigation on June 30. "It appears that (Jacob) exercised exceptionally poor judgment in committing this offense," prosecutors said in the release. "(Jacob) most likely committed this offense to generate social media and news coverage for himself and to obtain financial gain. Nevertheless, this type of 'daredevil' conduct cannot be tolerated."

Jacob received a sponsorship from a company and had agreed to promote the company's wallet in the YouTube video that he would post. [...] The release said Jacob lied to federal investigators when he filed a report that falsely indicated his plane lost full power approximately 35 minutes into the flight. He also lied to a Federal Aviation Administration aviation safety inspector when he said he had parachuted out of the plane when the airplane's engine had quit because he could not identify any safe landing options.

China

US Issues Warning To Nvidia, Urging To Stop Redesigning Chips For China (fortune.com) 86

At the Reagan National Defense Forum in Simi Valley, California, on Saturday, US Commerce Secretary Gina Raimondo issued a cautionary statement to Nvidia, urging them to stop redesigning AI chips for China that maneuver around export restrictions. "We cannot let China get these chips. Period," she said. "We're going to deny them our most cutting-edge technology." Fortune reports: Raimondo said American companies will need to adapt to US national security priorities, including export controls that her department has placed on semiconductor exports. "I know there are CEOs of chip companies in this audience who were a little cranky with me when I did that because you're losing revenue," she said. "Such is life. Protecting our national security matters more than short-term revenue."

Raimondo called out Nvidia Corp., which designed chips specifically for the Chinese market after the US imposed its initial round of curbs in October 2022. "If you redesign a chip around a particular cut line that enables them to do AI, I'm going to control it the very next day," Raimondo said. Communication with China can help stabilize ties between the two countries, but "on matters of national security, we've got to be eyes wide open about the threat," she said. "This is the biggest threat we've ever had and we need to meet the moment," she said.

Further reading: Nvidia CEO Says US Will Take Years To Achieve Chip Independence

Transportation

Automakers' Data Privacy Practices 'Are Unacceptable,' Says US Senator (arstechnica.com) 18

An anonymous reader quotes a report from Ars Technica: US Senator Edward Markey (D-Mass.) is one of the more technologically engaged of our elected lawmakers. And like many technologically engaged Ars Technica readers, he does not like what he sees in terms of automakers' approach to data privacy. On Friday, Sen. Markey wrote to 14 car companies with a variety of questions about data privacy policies, urging them to do better. As Ars reported in September, the Mozilla Foundation published a scathing report on the subject of data privacy and automakers. The problems were widespread -- most automakers collect too much personal data and are too eager to sell or share it with third parties, the foundation found.

Markey noted (PDF) the Mozilla Foundation report in his letters, which were sent to BMW, Ford, General Motors, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Nissan, Stellantis, Subaru, Tesla, Toyota, and Volkswagen. The senator is concerned about the large amounts of data that modern cars can collect, including the troubling potential to use biometric data (like the rate a driver blinks and breathes, as well as their pulse) to infer mood or mental health. Sen. Markey is also worried about automakers' use of Bluetooth, which he said has expanded "their surveillance to include information that has nothing to do with a vehicle's operation, such as data from smartphones that are wirelessly connected to the vehicle."

"These practices are unacceptable," Markey wrote. "Although certain data collection and sharing practices may have real benefits, consumers should not be subject to a massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese. Cars should not -- and cannot -- become yet another venue where privacy takes a backseat."

The 14 automakers have until December 21 to answer Markey's questions.

Electronic Frontier Foundation

EFF Proposes Addressing Online Harms with 'Privacy-First' Policies (eff.org) 32

Long-time Slashdot reader nmb3000 writes: The Electronic Frontier Foundation has published a new white paper, Privacy First: A Better Way to Address Online Harms, to propose an alternative to the "often ill-conceived bills written by state, federal, and international regulators to tackle a broad set of digital topics ranging from child safety to artificial intelligence." According to the EFF, "these scattershot proposals to correct online harm are often based on censorship and news cycles. Instead of this chaotic approach that rarely leads to the passage of good laws, we propose another solution."

The EFF writes:

What would this comprehensive privacy law look like? We believe it must include these components:

  • No online behavioral ads.
  • Data minimization.
  • Opt-in consent.
  • User rights to access, port, correct, and delete information.
  • No preemption of state laws.
  • Strong enforcement with a private right to action.
  • No pay-for-privacy schemes.
  • No deceptive design.

A strong comprehensive data privacy law promotes privacy, free expression, and security. It can also help protect children, support journalism, protect access to health care, foster digital justice, limit private data collection to train generative AI, limit foreign government surveillance, and strengthen competition. These are all issues on which lawmakers are actively pushing legislation—both good and bad.

United States

Are Amazon Packages Disrupting Mail Services in Some Small Towns? (msn.com) 164

100 miles south of the Canadian border, the tiny town of Bemidji, Minnesota "has been bombarded by a sudden onslaught of Amazon packages" since early November, reports the Washington Post, "and local postal workers say they have been ordered to deliver those packages first."

A spokesperson for the U.S. Postal Service tells the Post that's not true, and that their service "does not prioritize the delivery of packages from Amazon or other customers."

But whatever's going on, the Post reports that "The result has been chaos..." Mail is getting backed up, sometimes for days, leaving local residents waiting for checks, credit card statements, health insurance documents and tax rebates. Routes meant to take eight or nine hours are stretching to 10 or 12. At least five carriers have quit, and the post office has banned scheduled sick days for the rest of the year, carriers say... Dennis Nelson, a veteran mail carrier, said he got so frustrated watching multiple co-workers "breaking down and crying" that he staged a symbolic strike earlier this month outside the post office where he has worked for more than 20 years...

Bemidji is not the only place where postal workers say they have been overwhelmed by packages from Amazon... Carriers and local officials say mail service has been disrupted in rural communities from Portland, Maine, to Washington state's San Juan Islands.

The situation stems from a crisis at the Postal Service, which has lost $6.5 billion in the past year. The post office has had a contract with Amazon since 2013, when it started delivering packages on Sundays. But in recent years, that business has exploded as Amazon has increasingly come to rely on postal carriers to make "last-mile" deliveries in harder-to-reach rural locations. The Postal Service considers the contract proprietary and has declined to disclose its terms. But U.S. Postmaster General Louis DeJoy has said publicly that "increasing package volume" — not just from Amazon, but from FedEx and UPS as well — is key to the mail service's financial future. In a Nov. 14 speech to the Postal Service Board of Governors, DeJoy said he wants the post office to become the "preferred delivery provider in the nation...."

In bigger cities, Amazon has its own distribution network, which takes some of the pressure off the post office. But in rural areas, where carriers drive miles of lonely routes in their personal vehicles, the arrangement has caused problems. In the mountains of Colorado, biologists in Crested Butte are struggling with the delay of time-sensitive samples, the Denver Post reported in September, while mail carriers in Carbondale say they are overwhelmed by Amazon packages. Other Minnesota towns including Brainerd and La Porte have been hit hard by Amazon in the past, carriers said...

Partenheimer defended the post office's record in an email, while conceding "much work remains to be done...."

An Amazon spokesperson told the Post "We work directly with the USPS to balance our delivery needs with their available capacity," and "we'll continue to collaborate on package volume each week and adjust as needed."
