Government

Biden Administration Moves To Ban Solvent Trichloroethylene, Linked To Cancer (nytimes.com) 85

An anonymous reader quotes a report from the New York Times: The Biden administration has proposed to ban all uses of trichloroethylene, an industrial solvent used in glues, other adhesives, spot removers and metal cleaners, saying exposure to even small amounts can cause cancer, damage to the central nervous system and other health effects. The proposed ban is the latest twist in a yearslong debate over whether to regulate trichloroethylene, commonly referred to as TCE. In its final weeks, the Obama administration tried to ban some uses of the chemical, only to have the Trump administration place it on an Environmental Protection Agency list for long-term consideration, a move that essentially suspended any action. Monday's proposal goes further than the Obama-era plan by prohibiting all uses of TCE.

Under the E.P.A. proposal, most uses of TCE, including those in processing commercial and consumer products, would be prohibited within one year. For other uses the agency categorized as "limited," such as use in electric vehicle batteries and the manufacturing of certain refrigerants, there would be a longer transition period and more stringent worker protections. The administration said that safer alternatives exist for most uses of TCE as a solvent. In a final evaluation this year, the E.P.A. said the chemical posed an "unreasonable risk to human health." Short-term exposure could affect a developing fetus, and high concentrations can irritate the respiratory system, the agency said. Prolonged exposure has been associated with effects in the liver, kidneys, immune system and central nervous system, it said.
"This is extremely important," said Maria Doa, senior director for chemicals policy at the Environmental Defense Fund, a nonprofit advocacy organization. She said TCE "causes so many different harms at such low levels" that banning it would have widespread impacts. "It's a long time coming," she said.
Privacy

Face Search Engine PimEyes Blocks Searches of Children's Faces (nytimes.com) 25

PimEyes, a search engine that relies on facial recognition to help people scan billions of images to find photos of themselves on the internet, announced that it has banned searches of minors as part of the company's "no harm policy." The New York Times reports: PimEyes, a subscription-based service that uses facial recognition technology to find online photos of a person, has a database of nearly three billion faces and enables about 118,000 searches per day, according to [PimEyes CEO Giorgi Gobronidze]. The service is advertised as a way for people to search for their own face to find any unknown photos on the internet, but there are no technical measures in place to ensure that users are searching only for themselves. Parents have used PimEyes to find photos of their children on the internet that they had not known about. But the service could also be used nefariously by a stranger. It had previously banned more than 200 accounts for inappropriate searches of children's faces, Mr. Gobronidze said.

"Images of children might be used by the individuals with twisted moral compass and values, such as pedophiles, child predators," Mr. Gobronidze said. PimEyes will still allow searches of minors' faces by human rights organizations that work on children's rights issues, he added. Mr. Gobronidze said that blocking searches of children's faces had been on "the road map" since he acquired the site in 2021, but the protection was fully deployed only this month after the publication of a New York Times article on A.I.-based threats to children. Still, the block isn't airtight. PimEyes is using age detection A.I. to identify photos of minors. Mr. Gobronidze said that it worked well for children under the age of 14 but that it had "accuracy issues" with teenagers.

It also may be unable to identify children as such if they're not photographed from a certain angle. To test the blocking system, The Times uploaded a photo of Mary-Kate and Ashley Olsen from their days as child stars to PimEyes. It blocked the search for the twin who was looking straight at the camera, but the search went through for the other, who is photographed in profile. The search turned up dozens of other photos of the twin as a child, with links to where they appeared online. Mr. Gobronidze said PimEyes was still perfecting its detection system.

Databases

ICE Uses Tool To Find 'Derogatory' Speech Online (404media.co) 63

An anonymous reader quotes a report from 404 Media: Immigration and Customs Enforcement (ICE) has used a system called Giant Oak Search Technology (GOST) to help the agency scrutinize social media posts, determine if they are "derogatory" to the U.S., and then use that information as part of immigration enforcement, according to a new cache of documents reviewed by 404 Media. The documents peel back the curtain on a powerful system, both in a technological and a policy sense -- how information is processed and used to decide who is allowed to remain in the country and who is not.

GOST's catchphrase included in one document is "We see the people behind the data." A GOST user guide included in the documents says GOST is "capable of providing behavioral based internet search capabilities." Screenshots show analysts can search the system with identifiers such as name, address, email address, and country of citizenship. After a search, GOST provides a "ranking" from zero to 100 on what it thinks is relevant to the user's specific mission. The documents further explain that an applicant's "potentially derogatory social media can be reviewed within the interface." After clicking on a specific person, analysts can review images collected from social media or elsewhere, and give them a "thumbs up" or "thumbs down." Analysts can also then review the target's social media profiles themselves too, and their "social graph," potentially showing who the system believes they are connected to.

DHS has used GOST since 2014, according to a page of the user guide. In turn, ICE has paid Giant Oak Inc., the company behind the system, in excess of $10 million since 2017, according to public procurement records. A Giant Oak and DHS contract ended in August 2022, according to the records. Records also show Customs and Border Protection (CBP), the Drug Enforcement Administration (DEA), the State Department, the Air Force, and the Bureau of the Fiscal Service which is part of the U.S. Treasury have all paid for Giant Oak services over the last nearly ten years. The FOIA documents specifically discuss Giant Oak's use as part of an earlier 2016 pilot called the "HSI [Homeland Security Investigations] PATRIOT Social Media Pilot Program." For this, the program would "target potential overstay violators from particular visa issuance Posts located in countries of concern."
"The government should not be using algorithms to scrutinize our social media posts and decide which of us is 'risky.' And agencies certainly shouldn't be buying this kind of black box technology in secret without any accountability. DHS needs to explain to the public how its systems determine whether someone is a 'risk' or not, and what happens to the people whose online posts are flagged by its algorithms," Patrick Toomey, Deputy Director of the ACLU's National Security Project, told 404 Media in an email. The documents come from a Freedom of Information Act (FOIA) lawsuit brought by both the ACLU and the ACLU of Northern California. Toomey from the ACLU then shared the documents with 404 Media.
United States

Apple To Make Tools and Parts To Fix Phones and Computers Available Nationwide, White House Says (reuters.com) 32

Mac computer and iPhone maker Apple on Tuesday will announce plans to make parts, tools and documentation needed to repair its products available to independent repair shops and consumers nationwide, at fair and reasonable prices, the White House said. From a report: National Economic Council Director Lael Brainard made the announcement in remarks prepared for a White House event later Tuesday focused on the so-called "right to repair," calling on Congress to pass legislation requiring such action across the country.

The event is part of U.S. President Joe Biden's push to promote competition and crack down on so-called junk fees and other actions that increase prices for consumers. The latest effort is aimed at giving consumers more control over fixing what they own, from tractors to smart phones. Brainard said California, Colorado, New York and Minnesota had already passed right to repair laws, and 30 other states had introduced similar legislation.

China

China Widens Lead Over US in AI Patents After Beijing Tech Drive (bloomberg.com) 33

China is increasing its lead over the US in AI patent filings, underscoring the Asian nation's determination to shape and influence a technology that could have broad implications for the world's richest economies. From a report: Chinese institutions applied for 29,853 AI-related patents in 2022, climbing from 29,000 the year prior, according to data that the World Intellectual Property Organization provided to Bloomberg News. That's almost 80% more than US filings, which shrank 5.5%. Overall, China accounted for more than 40% of global AI applications over the past year, the data from the United Nations-affiliated agency showed. Japan and South Korea rounded out the 2022 leaders, with a combined 16,700 applications. The numbers illustrate how Beijing has pushed Chinese companies and agencies to gain an edge in areas such as chipmaking, space exploration and military sciences. More recently, President Xi Jinping has ordered the nation to accelerate fundamental research in response to US efforts to curtail its access to advanced technologies. That's triggered a flood of investment by Chinese companies in AI and quantum computing.
Security

1Password Discloses Security Incident Linked To Okta Breach (bleepingcomputer.com) 27

Lawrence Abrams reports via BleepingComputer: 1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. "We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati. "On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing."

On Friday, Okta disclosed that threat actors breached its support case management system using stolen credentials. As part of these support cases, Okta routinely asks customers to upload HTTP Archive (HAR) files to troubleshoot customer problems. However, these HAR files contain sensitive data, including authentication cookies and session tokens that can be used to impersonate a valid Okta customer. Okta first learned of the breach from BeyondTrust, who shared forensics data with Okta, showing that their support organization was compromised. However, it took Okta over two weeks to confirm the breach.

Bitcoin

California Law Limits Bitcoin ATM Transactions to $1,000 to Thwart Scammers (msn.com) 37

One 80-year-old retired teacher in Los Angeles lost $69,000 in bitcoin to scammers. And 46,000 people lost over $1 billion to crypto scams since 2021 (according to America's Federal Trade Commission).

Now the Los Angeles Times reports California's new moves against scammers using bitcoin ATMs, with a bill one representative says "is about ensuring that people who have been frauded in our communities don't continue to watch our state step aside when we know that these are real problems that are happening." Starting in January, California will limit cryptocurrency ATM transactions to $1,000 per day per person under Senate Bill 401, which Gov. Gavin Newsom signed into law. Some bitcoin ATM machines advertise limits as high as $50,000... Victims of bitcoin ATM scams say limiting the transactions will give people more time to figure out they're being tricked and prevent them from using large amounts of cash to buy cryptocurrency.

But crypto ATM operators say the new laws will harm their industry and the small businesses they pay to rent space for the machines. There are more than 3,200 bitcoin ATMs in California, according to Coin ATM Radar, a site that tracks the machines' locations. "This bill fails to adequately address how to crack down on fraud, and instead takes a punitive path focused on a specific technology that will shudder the industry and hurt consumers, while doing nothing to stop bad actors," said Charles Belle, executive director of the Blockchain Advocacy Coalition...

Law enforcement has cracked down on unlicensed crypto ATMs, but it can be tough for consumers to tell how serious the industry is about addressing the concerns. In 2020, a Yorba Linda man pleaded guilty to charges of operating unlicensed bitcoin ATMs and failing to maintain an anti-money-laundering program even though he knew criminals were using the funds. The illegal business, known as Herocoin, allowed people to buy and sell bitcoin in transactions of up to $25,000 and charged a fee of up to 25%.

So there are also provisions in the law against exorbitant fees: The new law also bars bitcoin ATM operators from collecting fees higher than $5 or 15% of the transaction, whichever is greater, starting in 2025. Legislative staff members visited a crypto kiosk in Sacramento and found markups as high as 33% on some digital assets when they compared the prices at which cryptocurrency is bought and sold. Typically, a crypto ATM charges fees between 12% and 25% over the value of the digital asset, according to a legislative analysis...

Another law would by July 2025 require digital financial asset businesses to obtain a license from the California Department of Financial Protection and Innovation.

Privacy

Mozilla Launches Annual Digital Privacy 'Creep-o-Meter'. This Year's Status: 'Very Creepy' (mozilla.org) 60

"In 2023, the state of our digital privacy is: Very Creepy." That's the verdict from Mozilla's first-ever "Annual Consumer Creep-o-Meter," which attempts to set benchmarks for digital privacy and identify trends: Since 2017, Mozilla has published 15 editions of *Privacy Not Included, our consumer tech buyers guide. We've reviewed over 500 gadgets, apps, cars, and more, assessing their security features, what data they collect, and who they share that data with. In 2023, we compared our most recent findings with those of the past five years. It quickly became clear that products and companies are collecting more personal data than ever before — and then using that information in shady ways...

Products are getting more secure, but also a lot less private. More companies are meeting Mozilla's Minimum Security Standards like using encryption and providing automatic software updates. That's good news. But at the same time, companies are collecting and sharing users' personal data like never before. And that's bad news. Many companies now view their hardware or software as a means to an end: collecting that coveted personal data for targeted advertising and training AI. For example: The mental health app BetterHelp shares your data with advertisers, social media platforms, and sister companies. The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.

An increasing number of products can't be used offline. In the past, the privacy conscious could always buy a connected device but turn off connectivity, making it "dumb." That's no longer an option in many cases. The number of connected devices that require apps and can't be used offline is increasing. This trend, coupled with the first, means it's harder and harder to keep your data private.

Privacy policies also need improvement. "Legalese, ambiguity, and policies that sprawl across multiple documents and URLs are the status quo. And it's getting worse, not better. Companies use these policies as a shield, not an actual resource for consumers." They note that Toyota has more than 10 privacy policy documents, and that it would actually take five hours to read all the privacy documents for the Meta Quest Pro VR headset.

In the end they advise opting out of data collection when possible, enabling security features, and "If you're not comfortable with a product's privacy, don't buy it. And, speak up. Over the years, we've seen companies respond to consumer demand for privacy, like when Apple reformed app tracking and Zoom made end-to-end encryption a free feature."

You can also take a quiz that calculates your own privacy footprint (based on whether you're using consumer tech products like the Apple Watch, Nintendo Switch, Nook, or Telegram). Mozilla's privacy advocates award the highest marks to privacy-protecting products like Signal, Sonos' SL Speakers, and the Pocketbook eReader (an alternative to Amazon's Kindle). (Although 100% of the cars reviewed by Mozilla "failed to meet our privacy and security standards.")

The graphics on the site help make its point. As you move your mouse across the page, the cartoon eyes follow its movement...
Social Networks

Online 'Information War' in Africa Rages on Social Media (yahoo.com) 46

The Washington Post tells the story of a veteran political operative and a former army intelligence officer hired to help keep in power the president of the west African nation Burkina Faso: Their company, Percepto International, was a pioneer in what's known as the disinformation-for-hire business. They were skilled in deceptive tricks of social media, reeling people into an online world comprised of fake journalists, news outlets and everyday citizens whose posts were intended to bolster support for [president Roch Marc] Kaboré's government and undercut its critics. But as Percepto began to survey the online landscape across Burkina Faso and the surrounding French-speaking Sahel region of Africa in 2021, they quickly saw that the local political adversaries and Islamic extremists they had been hired to combat were not Kaboré's biggest adversary. The real threat, they concluded, came from Russia, which was running what appeared to be a wide-ranging disinformation campaign aimed at destabilizing Burkina Faso and other democratically-elected governments on its borders.

Pro-Russian fake news sites populated YouTube and pro-Russian groups abounded on Facebook. Local influencers used WhatsApp and Telegram groups to organize pro-Russian demonstrations and praise Russian President Vladimir Putin. Facebook fan pages even hailed the Wagner Group, the Russian paramilitary network run by Yevgeniy Prigozhin, the late one-time Putin ally whose Internet Research Agency launched a disinformation campaign in the United States to influence the 2016 presidential election... Percepto didn't know the full scope of the operation it had uncovered but it warned Kaboré's government that it needed to move fast: Launch a counteroffensive online — or risk getting pushed out in a coup.

Three years later, the governments of five former French colonies, including Burkina Faso, have been toppled. The new leaders of two of those countries, Mali and Burkina Faso, are overtly pro-Russian; in a third, Niger, the prime minister installed after a July coup has met recently with the Russian ambassador. In Mali and the Central African Republic, French troops have been replaced with Wagner mercenaries...

Percepto's experience in French-speaking Africa offers a rare window into the round-the-clock information warfare that is shaping international politics — and the booming business of disinformation-for-hire. Meta, the social media company that operates Facebook, Instagram and WhatsApp, says that since 2017 it has detected more than 200 clandestine influence operations, many of them mercenary campaigns, in 68 countries.

The article also makes an interesting point. "The burden of battling disinformation has fallen entirely on Silicon Valley companies."
Bitcoin

Inside a $30 Million Cash-for-Bitcoin Laundering Ring In New York (404media.co) 34

404 Media (working with Court Watch) reports on a $30 Million cash-for-Bitcoin laundering ring operating in the heart of New York: For years, a gang operating in New York allegedly offered a cash-for-Bitcoin service that generated at least $30 million, with men standing on street corners with plastic shopping bags full of money, drive-by pickups, and hundreds of thousands of dollars laid out on tables, according to court records.

The records provide rare insight into an often unseen part of the criminal underworld: how hackers and drug traffickers convert their Bitcoin into cash outside of the online Bitcoin exchanges that ordinary people use. Rather than turning to sites like Coinbase, which often collaborate with and provide records to law enforcement if required, some criminals use underground, in-real-life Bitcoin exchanges like this gang which are allegedly criminal entities in their own right.

In a long spanning investigation by the FBI involving a confidential source and undercover agents, one member of the crew said "that at least some of his clients made money by selling drugs, that his wealthiest clients were hackers, and that he had made approximately $30 million over the prior three years through the exchange of cash for virtual currency," the court records read.

Thanks to user Slash_Account_Dot for sharing the news.
Crime

Scammers Try Hosting Their Malware on a Binance Network (krebsonsecurity.com) 21

Breached web sites distribute malware to visitors by claiming they need to update their browser. But one group of attackers "have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement," reports security researcher Brian Krebs.

"By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain." [W]hen Cloudflare blocked those accounts the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and "smart contracts," or coded agreements that execute actions automatically when certain conditions are met. Nati Tal, head of security at Guardio Labs, the research unit at Tel Aviv-based security firm Guardio, said the malicious scripts stitched into hacked WordPress sites will create a new smart contract on the BSC Blockchain, starting with a unique, attacker-controlled blockchain address and a set of instructions that defines the contract's functions and structure. When that contract is queried by a compromised website, it will return an obfuscated and malicious payload.

"These contracts offer innovative ways to build applications and processes," Tal wrote along with his Guardio colleague Oleg Zaytsev. "Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted 'on-chain' without the ability for a takedown." Tal said hosting malicious files on the Binance Smart Chain is ideal for attackers because retrieving the malicious contract is a cost-free operation that was originally designed for the purpose of debugging contract execution issues without any real-world impact. "So you get a free, untracked, and robust way to get your data (the malicious payload) without leaving traces," Tal said.

In response to questions from KrebsOnSecurity, the BNB Smart Chain (BSC) said its team is aware of the malware abusing its blockchain, and is actively addressing the issue. The company said all addresses associated with the spread of the malware have been blacklisted, and that its technicians had developed a model to detect future smart contracts that use similar methods to host malicious scripts. "This model is designed to proactively identify and mitigate potential threats before they can cause harm," BNB Smart Chain wrote. "The team is committed to ongoing monitoring of addresses that are involved in spreading malware scripts on the BSC. To enhance their efforts, the tech team is working on linking identified addresses that spread malicious scripts to centralized KYC [Know Your Customer] information, when possible."

The Courts

Supreme Court Blocks Restrictions On Biden Administration Efforts To Get Platforms To Remove Social Media Posts (nbcnews.com) 148

An anonymous reader quotes a report from NBC News: The Supreme Court on Friday blocked in full a lower court ruling that would have curbed the Biden administration's ability to communicate with social media companies about contentious content on such issues as Covid-19. The decision in a short unsigned order (PDF) puts on hold a Louisiana-based judge's ruling in July that specific agencies and officials should be barred from meeting with companies to discuss whether certain content should be stifled. The Supreme Court also agreed to immediately take up the government's appeal, meaning it will hear arguments and issue a ruling on the merits in its current term, which runs until the end of June. Three conservative justices noted that they would have denied the application: Samuel Alito, Clarence Thomas and Neil Gorsuch.

"At this time in the history of our country, what the court has done, I fear, will be seen by some as giving the government a green light to use heavy-handed tactics to skew the presentation of views on the medium that increasingly dominates the dissemination of news. That is most unfortunate," Alito wrote in a dissenting opinion. GOP attorneys general in Louisiana and Missouri, along with five social media users, filed the underlying lawsuit, alleging that U.S. government officials went too far in what they characterize as coercion of social media companies to address posts, especially those related to Covid-19. The individual plaintiffs include Covid-19 lockdown opponents and Jim Hoft, the owner of the right-wing website Gateway Pundit. They claim that the government's actions violated free speech protections under the Constitution's First Amendment.

The Courts

Frying Pan Company Sued for Claiming Temperatures That Rival the Sun (theverge.com) 124

Can you heat up a pan to 30,000 degrees Fahrenheit? That's the burning question at the center of this proposed class action lawsuit, which claims the advertising for SharkNinja's nonstick cookware violates the laws of physics and thermodynamics. From a report: While SharkNinja is the company best known for its Shark robovacs and Ninja kitchen gadgets, this lawsuit takes issue with the Ninja NeverStick Premium Cookware collection, a line of pots and pans it advertises as having superior nonsticking and nonflaking qualities thanks to its manufacturing process.

Instead of making its pans at a measly 900-degree temperature that other brands use, SharkNinja says it heats up the cookware to a maximum of 30,000 degrees Fahrenheit. That process, according to SharkNinja, fuses "plasma ceramic particles" to the surface of the pan, "creating a super-hard, textured surface that interlocks with our exclusive coating for a superior bond." But Patricia Brown, the person who filed this lawsuit, isn't buying it. As cited in Brown's lawsuit, NASA recently said the "surface of the Sun is a blisteringly hot 10,340 degrees Fahrenheit," meaning SharkNinja's manufacturing process reaches about three times that temperature.

Privacy

Telegram is Still Leaking User IP Addresses To Contacts (techcrunch.com) 18

The popular messaging app Telegram can leak your IP address if you simply add a hacker to your contacts and accept a phone call from them. From a report: Denis Simonov, a security researcher, who is also known as n0a, recently highlighted the issue and wrote a simple tool to exploit it. TechCrunch verified the researcher's findings by adding Simonov to the contacts of a newly created Telegram account. Simonov then called the account, and shortly after provided TechCrunch with the IP address of the computer where the experiment was being carried out.

Telegram boasts 700 million users all over the world, and has always marketed itself as a "secure" and "private" messaging app, even though experts have repeatedly warned that Telegram is not as secure as end-to-end encrypted app Signal, for example. The fact that Telegram leaks your IP address to people in your contacts during a voice call has been known for years, but it's likely that new, less technical users may not be aware.

Crime

Indian Authorities Raid Fake Tech Support Rings After Tipoff From Amazon and Microsoft (theregister.com) 25

Acting on information from Microsoft and Amazon, India's Central Bureau of Investigation (CBI) has raided alleged fake tech support operators and other tech-related crims across the country. From a report: The Bureau shared news of a Thursday operation that saw it conduct 76 searches in relation to five cases. The Bureau stated its effort "was conducted in collaboration with national and international agencies, alongside private sector giants," and described two of its targets as international tech support fraud scams that "impersonated a global IT major and a multinational corporation with an online technology-driven trading platform."

The alleged scammers operated call centers in five regions of India and "systematically preyed on foreign nationals, masquerading as technical support representatives" for at least five years. The scammers sent users pop-up messages that appeared to come from multinational companies and advised of PC problems -- with a toll-free number at which assistance could be had. Victims who called the fakers had their PCs taken over, and were charged hundreds of dollars for a fix.

Bitcoin

SEC Drops Claims Against Two Ripple Labs Execs (reuters.com) 4

An anonymous reader quotes a report from Reuters: The U.S. Securities and Exchange Commission dropped claims against two Ripple Labs executives in its lawsuit alleging the blockchain company violated U.S. securities law, according to a court filing in New York on Thursday. The agency said in court papers it is dropping claims that Ripple Chief Executive Brad Garlinghouse and co-founder Chris Larsen aided and abetted sales of the cryptocurrency XRP which a judge has found amounted to unregistered sales of securities.

In its December 2020 lawsuit, the SEC accused Ripple of illegally raising more than $1.3 billion in an unregistered securities offering by selling XRP. U.S. District Judge Analisa Torres in Manhattan granted Ripple a partial win in the case in July, finding that sales of XRP on public exchanges were not unregistered securities offerings. Torres subsequently rejected a request by the SEC to appeal that ruling. She also ruled partly in the SEC's favor, saying the agency had shown the company's $728.9 million of XRP sales to hedge funds and other sophisticated buyers had violated the law.

Garlinghouse and Larsen, who have harshly criticized the SEC throughout the case, issued lengthy statements accusing the agency of a political agenda to, in Larsen's words, "suffocate crypto in America." "Instead of looking for the criminals stealing customer funds on offshore exchanges that were courting political favor, the SEC went after the good guys," Garlinghouse said, an apparent reference to Sam Bankman-Fried, founder of crypto exchange FTX. The agency said in its papers that the next step in the case is for both sides to present to the judge on what the appropriate penalty is for Ripple.

Privacy

Casio Keyed Up After Data Loss Hits Customers In 149 Countries (theregister.com) 27

Jessica Lyons Hardcastle reports via The Register: Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe. As of October 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.

The data included customers' names, email addresses, country of residence, purchasing info including order details, payment method and license code, and service usage info including log data and nicknames. Casio noted that it doesn't retain customers' credit card information, so presumably people's banking info wasn't compromised in the hack. An employee discovered the incident on October 11 while attempting to work in the corporate dev environment and spotted the database failure. "At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management," the official notice said. "Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access." The intruder didn't access the ClassPad.net app, according to Casio, so that is still available for use.

Privacy

CFPB Moves To Bar Financial Firms From 'Hoarding' a Consumer's Data (politico.com) 9

An anonymous reader quotes a report from Politico: The Consumer Financial Protection Bureau on Thursday released a landmark proposal restricting how financial institutions handle consumer data. [...] The proposed rule -- which faces months of feedback and lobbying from industry and consumer groups before it's approved -- would bar financial firms from "hoarding" a consumer's data, the agency said. It would require companies to share information, at a customer's request, with other businesses offering competing products and prevent them from charging for it.

Banks would be required to make personal financial data available to consumers free of charge, and companies that access a person's data would not be able to use it for targeted advertising. Access to a person's data would have to be reauthorized annually, and consumers would have the right to revoke access at any time. The proposal, which implements Section 1033 of the 2010 Dodd-Frank law, also "seeks to move the market away from risky data collection practices" such as screen scraping, the CFPB said.
"It is often really daunting for a consumer to switch banks, in part because it's difficult to take their financial transaction history data to a new bank," White House National Economic Council Director Lael Brainard said on a call with reporters. "Today's rule will help ensure financial companies compete based on service quality and pricing."

The Courts

New York Sues Crypto Firms For Losing Over $1 Billion (theverge.com) 50

New York Attorney General Letitia James is suing three cryptocurrency companies -- Gemini, Genesis, and Digital Currency Group (DCG) -- over claims they misled investors, leading to the loss of over $1 billion. From a report: In a lawsuit filed on Thursday, James says their alleged fraudulent schemes affected over 230,000 investors. The lawsuit targets Gemini, the crypto exchange owned by Cameron and Tyler Winklevoss, and its Earn program. The firm marketed Gemini Earn as a high-yield program that involved customers investing with Genesis Global Capital, which is owned by DCG. However, James alleges that Gemini knew investing with Genesis was risky and misled customers as a result.

The Courts

Universal Music Sues AI Startup Anthropic For Scraping Song Lyrics (arstechnica.com) 32

Universal Music has filed a copyright infringement lawsuit against artificial intelligence start-up Anthropic, as the world's largest music group battles against chatbots that churn out its artists' lyrics. From a report: Universal and two other music companies allege that Anthropic scrapes their songs without permission and uses them to generate "identical or nearly identical copies of those lyrics" via Claude, its rival to ChatGPT. When Claude is asked for lyrics to the song "I Will Survive" by Gloria Gaynor, for example, it responds with "a nearly word-for-word copy of those lyrics," Universal, Concord, and ABKCO said in a filing with a US court in Nashville, Tennessee.

"This copyrighted material is not free for the taking simply because it can be found on the Internet," the music companies said, while claiming that Anthropic had "never even attempted" to license their copyrighted work. The lawsuit comes as the music industry is grappling with the rise of AI technology that can produce "deepfake" songs that mimic the voices, lyrics, or sound of established musicians. The issue drew attention earlier this year after an AI-produced song that mimicked the voices of Drake and The Weeknd spread online.
