China

China Readies $27 Billion Chip Fund To Counter Growing US Curbs (bloomberg.com) 13

China is in the process of raising more than $27 billion for its largest chip fund to date, accelerating the development of cutting-edge technologies to counter a US campaign to thwart its rise. From a report: The National Integrated Circuit Industry Investment Fund is amassing a pool of capital from local governments and state enterprises for its third vehicle that should exceed the 200 billion yuan of its second fund, according to people familiar with the matter. Known as the Big Fund, the state-backed firm is expanding its remit just as the US prepares to sharply escalate technology curbs designed to curtail Chinese chip and artificial intelligence progress.

The establishment of a much larger third fund -- directly overseen by China's powerful tech ministry -- signals a resurgent effort to harness the world's largest semiconductor market after years of mixed success with central stewardship. Huawei and its partner Semiconductor Manufacturing International Corp. still had to rely on US-origin technology to build an advanced processor last year.

Biotech

Mexico Argues Glyphosate In GM Corn Is Unsafe For Human Consumption (reuters.com) 106

Mexico is waiting for the United States to provide evidence that shows imported genetically modified corn is safe for human consumption. "In a written submission to a panel of the United States-Mexico-Canada Agreement, Mexico, the top buyer of U.S. corn, argued that science proves GM corn and the herbicide glyphosate are harmful to human health and its native varieties, and that its decree to ban GM corn for human consumption is within its right," reports Reuters. From the report: [Deputy Agriculture Secretary Victor Suarez] said the onus is now on the United States to show GM corn is not harming Mexico's population, which consumes a higher amount of corn than many countries through daily diet staples like nixtamalized dough and tortilla. The United States "argues that the decisions in Mexico are not based on science and that their decisions are," Suarez told Reuters in an interview. "But we still haven't seen the science of the United States or the companies. We are looking forward to that study with great pleasure."

A spokesman for the U.S. Department of Agriculture said Mexico's approach to biotechnology runs counter to "decades' worth of evidence demonstrating its safety." A senior official for the U.S. Trade Representative said, "Scientific authorities, including in Mexico, have consistently found biotech products like corn to be safe over a period of decades." [...] Mexico's written response cited studies it said showed links between GM corn consumption and glyphosate exposure to liver inflammation in people and impacts to immune response in animals, saying it considers the risk to human health "extremely serious."

The United States in August requested a dispute settlement panel under the USMCA over Mexico's decree to ban GM corn for human consumption, specifically in the use of making flour for tortillas. The decree allows the use of GM yellow corn in animal feed, which accounts for the majority of Mexico's nearly $5.9 billion worth of U.S. corn imports annually. Washington argues Mexico's decree banning imports of GM corn used for tortillas is not based on science and violates its commitments under the USMCA, which has been in place since 2020. "There is no impact on trade," Suarez said of Mexico's decree. "The value and volume of exports of GM corn to Mexico has increased."

Mexico's decree also calls for the gradual substitution of GM corn, a point of contention highlighted by U.S. officials. In its written response, Mexico argued that no specific time frame has been established and therefore it has had no trade impact. "It is a strategic goal, like the United States would like to have energy sovereignty and energy self-sufficiency," Suarez said. The United States is expected to issue a rebuttal to Mexico's response.

Power

Is America Running Out of Electrical Power? (theweek.com) 267

An anonymous reader quotes a report from The Week Magazine: The advancement of new technologies appears to have given rise to a new problem across the United States: a crippling power shortage on the horizon. The advent of these technologies, such as eco-friendly factories and data centers, has renewed concerns that America could run out of electrical power. These worries also come at a time when the United States' aging power grid is in desperate need of repair. Heavily publicized incidents such as the 2021 Texas power outage, which was partially blamed on crypto-farming, exposed how vulnerable the nation's power supply is, especially during emergencies. There have also been warnings from tech moguls such as Elon Musk, who has stated that the United States is primed to run out of electricity and transformers for artificial intelligence in 2025. But the push to extend the life of the nation's power grid, while also maintaining eco-friendly sustainability, begs the question: Is the United States really at risk of going dark?

The emergence of new technologies means demand is soaring for power across the country; in Georgia, "demand for industrial power is surging to record highs, with the projection of electricity use for the next decade now 17 times what it was only recently," Evan Halper said for The Washington Post. Northern Virginia "needs the equivalent of several large nuclear power plants to serve all [its] new data centers," Halper said, while Texas faces a similar problem. This demand is resulting in a "scramble to try to squeeze more juice out of an aging power grid." At the same time, companies are "pushing commercial customers to go to extraordinary lengths to lock down energy sources, such as building their own power plants," Halper said. Much of this relates to the "rapid innovation in artificial intelligence, which is driving the construction of large warehouses of computing infrastructure," Halper said. This infrastructure requires significantly more power than traditional data centers, with the aforementioned crypto farms also sucking up massive amounts of power.

Climate change is also hurting sustainability efforts. A recent report from the North American Electric Reliability Corporation estimated that more than 300 million people in the U.S. and Canada could face power shortages in 2024. It also found that electricity demand is rising faster now than at any time in the past five years. This is partially because the "push for the electrification of heating and transportation systems -- including electric cars -- is also creating new winter peaks in electricity demand," Jeremy Hsu said for New Scientist. One of the main issues with these sustainability efforts is the push to move away from fossil fuels toward renewable power. Natural gas is often seen as a bridge between fossils and renewables, but this has also had unintended consequences for the power grid. The system delivering natural gas "doesn't have to meet the same reliability standards as the electric grid, and in many cases, there's no real way to guarantee that fuel is available for the gas plants in the winter," Thomas Rutigliano of the Natural Resources Defense Council said to New Scientist. As a result, the "North American electricity supply has become practically inseparable from the natural gas supply chain," John Moura of the North American Electric Reliability Corporation said to New Scientist. As such, a "reliable electricity supply that lowers the risk of power outages depends on implementing reliability standards for the natural gas industry moving forward," but this may be easier said than done.

Crime

US Lost Record $12.5 Billion To Online Crime In 2023, Says FBI (bleepingcomputer.com) 33

An anonymous reader quotes a report from BleepingComputer: FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report (PDF), which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime. Both figures continue a worrying trend seen by the agency since 2019, where complaints and losses rise yearly. For 2023, the types of crimes that increased were tech support scams and extortion, whereas phishing, personal data breach, and non-payment/non-delivery scams slightly waned.

United States

SEC Approves Rule Requiring Some Companies To Report Greenhouse Gas Emissions (apnews.com) 27

The U.S. Securities and Exchange Commission on Wednesday approved a rule that will require some public companies to report their greenhouse gas emissions and climate risks, after last-minute revisions that weakened the directive in the face of strong pushback from companies. From a report: The rule was one of the most anticipated in recent years from the nation's top financial regulator, drawing more than 24,000 comments from companies, auditors, legislators and trade groups over a two-year process. It brings the U.S. closer to the European Union and California, which moved ahead earlier with corporate climate disclosure rules.

The SEC rule passed 3-2, with three Democratic commissioners supporting it and two Republicans opposed. Since the SEC proposed a rule two years ago, experts had said it was likely to face litigation almost immediately. SEC Chairman Gary Gensler, one of the Democrats, acknowledged that was a factor the agency considered as it worked toward a final rule. "We've seriously considered what people have said about our legal authorities," Gensler said on Wednesday.

Businesses

Rising Temperatures and Heat Shocks Prompt Job Relocations, Study Finds (techtarget.com) 55

dcblogs writes: A recent study in the National Bureau of Economic Research has found that companies are quietly adapting to rising temperatures by shifting operations from hotter to cooler locations. The researchers analyzed data from 50,000 companies between 2009 and 2020. "To illustrate the economic impact, the researchers found that when a company with equal employment across two counties experiences a heat shock in one county, there is a subsequent 0.7% increase in employment growth in the unaffected county over a three-year horizon," reports TechTarget. "The finding is significant, given that the mean employment growth for the sample of businesses in the study is 2.4%."

Heat shocks are characterized by their severe impact on health, energy grids, and increased fire risks, influencing companies with multiple locations to reconsider their geographical distribution of operations. Despite this trend, states like Arizona and Nevada, which have some of the highest heat-related death tolls, continue to experience rapid business expansion. Experts believe that factors such as labor pool, taxes, and regulations still outweigh environmental climate risks when it comes to business site selection. But heat-associated deaths are on the rise. The Phoenix area alone experienced 425 heat-related deaths in 2022 and a similar number in 2023 -- record highs for this region.

The study suggests that the implications of climate change on business operations are becoming more apparent. Companies are beginning to evaluate climate risks as part of their regular risk assessment process.

United States

How Much Energy Will New Semiconductor Factories Burn Through in the US? (theverge.com) 41

A new report warns that a boom in computer chip manufacturing in the US could fuel demand for dirty energy, despite companies' environmental claims. The solution for manufacturers, surprisingly, might be to act more like other big tech companies chasing climate goals. From a report: New semiconductor factories being built in the US by four of the biggest manufacturers -- Intel, TSMC, Samsung, and Micron -- could use more than twice as much electricity as the city of Seattle once they're operational. These companies claim to run on renewable energy, but according to an analysis by nonprofit Stand.earth, that's not entirely true. Semiconductors happen to make up a big chunk of a device's carbon footprint. And unless companies turn to clean energy, they could wind up driving up greenhouse gas emissions as domestic chip manufacturing makes a comeback.

The CHIPS and Science Act, which passed in 2022, set aside $52.7 billion in funding for domestic chip manufacturing. Now, the four companies scrutinized in the report have plans to build megafactories in Arizona, Ohio, Oregon, Idaho, Texas, and New York. Each of those megafactories alone could use as much electricity as a medium-sized town, according to the report. Cumulatively, nine facilities could eventually add 2.1 gigawatts in new electricity demand. "We're not slowing down on any of our sustainability commitments, even with our recently announced investments," Intel said in an email.

Crime

Man Charged With Smuggling Greenhouse Gases Into US (cnn.com) 94

In a first-of-its-kind prosecution, a California man was arrested and charged Monday with allegedly smuggling potent, greenhouse gases from Mexico. From a report: Michael Hart, a 58-year-old man from San Diego, pleaded not guilty to smuggling hydrofluorocarbons, or HFCs -- commonly used in air conditioning and refrigeration -- and selling them for profit, in a federal court hearing Monday. According to the indictment, Hart allegedly purchased the HFCs in Mexico and smuggled them into the US in the back of his truck, concealed under a tarp and tools. He is then alleged to have sold them for a profit on sites including Facebook Marketplace and OfferUp. [...] Hart has pleaded not guilty to 13 charges including conspiracy, importation contrary to law and sale of merchandise imported contrary to law. The charges carry potential prison sentences ranging from five to 20 years.

HFCs, which are also used in building insulation, fire extinguishing systems and aerosols, are banned from import into the US without permission from the Environmental Protection Agency. These greenhouse gases are short-lived in the atmosphere, but powerful -- some are thousands of times more potent than carbon dioxide in the near-term. "The illegal smuggling of hydrofluorocarbons, a highly potent greenhouse gas, undermines international efforts to combat climate change," said David M. Uhlmann, the assistant administrator for the EPA's Office of Enforcement and Compliance Assurance. "Anyone who seeks to profit from illegal actions that worsen climate change must be held accountable," he added.

"Today is a significant milestone for our country," said US Attorney Tara McGrath in a statement. "This is the first time the Department of Justice is prosecuting someone for illegally importing greenhouse gases, and it will not be the last."

Government

Oregon OKs Right-To-Repair Bill That Bans the Blocking of Aftermarket Parts (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: Oregon has joined the small but growing list of states that have passed right-to-repair legislation. Oregon's bill stands out for a provision that would prevent companies from requiring that official parts be unlocked with encrypted software checks before they will fully function. Bill SB 1596 passed Oregon's House by a 42 to 13 margin. Gov. Tina Kotek has five days to sign the bill into law. Consumer groups and right-to-repair advocates praised the bill as "the best bill yet," while the bill's chief sponsor, state Sen. Janeen Sollman (D), pointed to potential waste reductions and an improved second-hand market for closing a digital divide.

"Oregon improves on Right to Repair laws in California, Minnesota and New York by making sure that consumers have the choice of buying new parts, used parts, or third-party parts for the gadgets and gizmos," said Gay Gordon-Byrne, executive director of Repair.org, in a statement. Like bills passed in New York, California, and Minnesota, Oregon's bill requires companies to offer the same parts, tools, and documentation to individual and independent repair shops that are already offered to authorized repair technicians. Unlike other states' bills, however, Oregon's bill doesn't demand a set number of years after device manufacture for such repair implements to be produced. That suggests companies could effectively close their repair channels entirely rather than comply with the new requirements. California's bill mandated seven years of availability.

If signed, the law's requirements for parts, tools, and documentation would apply to devices sold after 2015, except for phones, which are covered after July 2021. The prohibition against parts pairing only covers devices sold in 2025 and later. Like other repair bills, a number of device categories are exempted, including video game consoles, HVAC and medical gear, solar systems, vehicles, and, very specifically, "Electric toothbrushes."

United States

US Sanctions Founder of Spyware Maker Intellexa for Targeting Americans (techcrunch.com) 30

The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. From a report: This is the first time the U.S. government has targeted specific people, in addition to companies, with sanctions related to the misuse of commercial spyware. And it signifies an escalation of the White House and U.S. government's efforts to curb the spyware industry. "Today's actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens," Brian E. Nelson, U.S. Treasury's under secretary for terrorism and financial intelligence, was quoted as saying in a press release.

"The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world." The U.S. Treasury imposed sanctions on Tal Dilian, the founder of Intellexa and a veteran of the spyware industry; and Sara Aleksandra Fayssal Hamou, who is not as well-known as Dilian. Hamou, according to the Treasury, has a leadership role in Intellexa, is an expert in off-shoring, and provided the company managerial services, such as renting office space in Greece.

The Internet

New Proposal Could Ban Landlords From Charging for Cable and Internet in Bulk (theverge.com) 64

The Federal Communications Commission is considering a proposal to bar landlords from charging tenants in bulk for cable, internet, and satellite services, offering them more choice in the kinds of services they need. From a report: The agency is circulating a proposed rule to ban the practice of "bulk billing," the White House announced in a press release ahead of President Joe Biden's meeting with his Competition Council on Tuesday.

It's part of a broader effort to promote policies that will lower costs for Americans, as Biden is trying to appeal to voters focused on the economy as he seeks reelection later this year. That theme of lowering costs will resurface in Biden's State of the Union address on Thursday, National Economic Advisor Lael Brainard told reporters on a call Monday. Bulk billing restricts consumers' choices by limiting the prices and levels of cable and internet service available to them, the White House said in the press release. The new proposal will also target other "exclusive arrangements" between landlords and service providers like exclusive wiring and marketing arrangements or revenue sharing agreements, the White House said.

The Courts

Discord Leaker Jack Teixeira Pleads Guilty, Seeks Light 11-Year Sentence (arstechnica.com) 50

An anonymous reader quotes a report from Ars Technica: Jack Teixeira, the National Guard airman who leaked confidential military documents on Discord, agreed Monday to plead guilty, promising to cooperate with officials attempting to trace the full extent of government secrets leaked. Under the plea deal, Teixeira will serve a much-reduced sentence, The Boston Globe reported, recommended between 11 years and 16 years and eight months. Previously, Teixeira had pleaded not guilty to six counts of "willful retention and transmission of national defense information," potentially facing up to 10 years per count. During a pretrial hearing, prosecutors suggested he could face up to 25 years, The Globe reported.

By taking the deal, Teixeira will also avoid being charged with violations of the Espionage Act, The New York Times reported, including allegations of unlawful gathering and unauthorized removal of top-secret military documents. According to prosecutors, it was clear that Teixeira, 22, was leaking sensitive documents -- including national security secrets tied to US foreign adversaries and allies, including Russia, China, Ukraine, and South Korea -- just to impress his friends on Discord -- some of them teenage boys. Investigators found no evidence of espionage. US District Judge Indira Talwani will decide whether or not to sign off on the deal at a hearing scheduled for September 27.

United States

JetBlue and Spirit Call Off Their Merger (nytimes.com) 38

JetBlue Airways and Spirit Airlines announced on Monday that they would walk away from their planned $3.8 billion merger after federal antitrust regulators successfully challenged the deal in court. JetBlue said it would pay Spirit $69 million to exit the deal. From a report: A federal judge in Boston blocked the proposed merger on Jan. 16, siding with the Justice Department in determining that the merger would reduce competition in the industry and give airlines more leeway to raise ticket prices. The judge, William G. Young of the U.S. District Court for the District of Massachusetts, noted that Spirit played a vital role in the market as a low-cost carrier and that travelers would have fewer options if JetBlue absorbed it.

"We are proud of the work we did with Spirit to lay out a vision to challenge the status quo, but given the hurdles to closing that remain, we decided together that both airlines' interests are better served by moving forward independently," JetBlue's chief executive, Joanna Geraghty, said in a statement on Monday. "We wish the very best going forward to the entire Spirit team." JetBlue and Spirit appealed Judge Young's decision. JetBlue filed an appellate brief last week arguing that the deal should be allowed to go through. But in a regulatory filing on Jan. 26, JetBlue said it might terminate the deal. Spirit said in its own filing the same day that it believed "there is no basis for terminating" the agreement.

Businesses

Did Remote Working Doom a San Francisco Macy's? (sfstandard.com) 215

"These days in San Francisco, every major business closure triggers a rush to assign blame," argues the San Francisco Standard: When Macy's announced this week that it would shutter its flagship store in Union Square, it unleashed a wave of mourning and recriminations... Mayor London Breed and other local pols like state Sen. Scott Wiener tried to allay fears that Macy's was leaving because of crime, noting the planned closure is one of 150 nationwide. But in a tough election year, it seems few had the appetite to listen to her call for nuance...

The unavoidable truth is the pandemic hollowed out downtown San Francisco's offices and led to an exodus of tech staffers who preferred remote work. It meant the loss of thousands of people who had reason to regularly stroll by Macy's and so many other corporate retailers. Meanwhile, everybody else had even less reason to go shopping in an urban core. Why bother dressing up and schlepping downtown when you could get the same layaway deals online...? [R]etail has been recovering. But it should be no surprise that the recovery has happened largely in suburban markets, which have not experienced a mass exit of workers... Elsewhere, the reality is simple: Malls and department stores have been dying for the last decade, struggling to attract young people and redevelop growing vacant space into desirable uses.

Although Macy's is a legacy name, industry reports show it has been in a real doom loop of its own making. Everyone is angry about retail "shrinkage," an industry term for losses in inventory due to external theft, employee theft and mismanagement. However, reporting by CNBC and others has demonstrated that while corporate retailers may be seeing a bump in retail shrink, it is a smaller factor than other operational missteps. Industry experts suggest that "shrink" can be an excuse for poor inventory management and staffing issues, and brands like Lowe's, Foot Locker and Walgreens are now downplaying organized theft as a primary cause of revenue loss. The reality is that a swath of American retail chains have needed to downsize to remain profitable... [R]eactionary cries for police crackdowns on petty theft and homelessness miss how similar retail shutdowns are happening in cities with tougher crime laws and less visible poverty. Consider that Macy's has already conducted layoffs and cut employee benefits to remain afloat, triggering a worker strike in 2022. Then there's Macy's faltering credit card revenue, which the company said accounted for nearly triple the revenue loss as retail shrink.

While The Standard has reported on Macy's workers blaming theft for the closure, my own visit to Macy's on Tuesday and conversations with longtime sales associates in multiple departments suggested that low staffing, an aging clientele and dips in seasonal shopping have greatly affected business...

Turns out, "scary people stealing things" is a boogeyman that feels more tangible than the obscure machinations of a faltering corporation.

The San Francisco Standard itself was funded in part by billionaire venture capitalist Michael Moritz of Sequoia Capital...

United States

TurboTax and H&R Block Want 'Permission to Blab Your Money Secrets' (yahoo.com) 29

Americans filing their taxes could face privacy threats, reports the Washington Post: "We just need your OK on a couple of things," TurboTax says as you prepare your tax return.

Alarm bells should be ringing in your head at the innocuous tone.

This is where America's most popular tax-prep website asks you to sign away the ironclad privacy protections of your tax return, including the details of your income, home mortgage and student loan payments. With your permission to blab your money secrets, the company earns extra income from showing you advertisements for the next three years for things like credit cards and mortgage offers targeted to your financial situation.

You have the legal right to say no when TurboTax asks for your permission to "share your data" or use your tax information to "improve your experience...."

The article complains that granting permission allows TurboTax to share details with "sibling" companies "such as your salary, the amount of your tax refund, whether you received a tax break for student loans and the day you printed your tax return..."

"You'll see that permission request once near the beginning of the tax prep process. If you skip it then, you'll see the same screen again near the end. You'll have to say yes or no..." This is part of the corporate arms race for your personal data. Everyone including the grocery store, your apps and the manufacturer of your car are gobbling information to profit from details of your life. With TurboTax, though, you have the power to refuse to participate...

TurboTax and the online tax prep service from H&R Block have been asking every year to blab your tax return. We've cautioned you about it for each of the past two tax filing seasons. (I focused only on TurboTax this year.)

Crime

Ransomware Attack Hampers Prescription Drug Sales at 90% of US Pharmacies (msn.com) 81

"A ransomware gang once thought to have been crippled by law enforcement has snarled prescription processing for millions of Americans over the past week..." reports the Washington Post.

"The hackers stole data about patients, encrypted company files and demanded money to unlock them, prompting the company to shut down most of its network as it worked to recover." Insurance giant UnitedHealthcare Group said the hackers struck its Change Health business unit, which routes prescription claims from pharmacies to companies that determine whether patients are covered by insurance and what they should pay... Change Health and a rival, CoverMyMeds, are the two biggest players in the so-called switch business, charging pharmacies a small fee for funneling claims to insurers. "When one of them goes down, obviously it's a major problem," said Patrick Berryman, a senior vice president at the National Community Pharmacists Association...

UnitedHealth estimated that more than 90 percent of the nation's 70,000-plus pharmacies have had to alter how they process electronic claims as a result of the Change Health outage. But it said only a small number of patients have been unable to get their prescriptions at some price. At CVS, which operates one of the largest pharmacy networks in the nation, a spokesperson said there are "a small number of cases in which our pharmacies are not able to process insurance claims" as a result of the outage. It said workarounds were allowing it to fill prescriptions, however...

For pharmacies that were not able to quickly route claims to a different company, the Change Health outage left pharmacists to try to manually calculate a patient's co-pay or offer them the cash price. Compounding the impact, thousands of organizations cut off Change Health from their systems to ensure the hackers did not infect their networks as well... The attack on Change Health has left many pharmacies in a cash-flow bind, as they face bills from the companies that deliver the medication without knowing when they will be reimbursed by insurers. Some pharmacies are requiring customers to pay full price for their prescriptions when they cannot tell if they are covered by insurance. In some cases, that means people are paying more than $1,000 out of pocket, according to social media posts.

The situation has been "extremely disruptive," said Erin Fox, associate chief pharmacy officer at University of Utah Health. "At our system, our retail pharmacies were providing three-day gratis emergency supplies for patients who could not afford to pay the cash price," Fox said by email. "In some cases, like for inhalers, we had to send product out at risk, not knowing if we will ever get paid, but we need to take care of the patients." Axis Pharmacy Northwest near Seattle is "going out on a limb and dispensing product with absolutely no inkling if we'll get paid or not," said Richard Molitor, the pharmacist in charge.

UPDATE: CNN reports Change Healthcare has now announced "plans for a temporary loan program to get money flowing to health care providers affected by the outage." It's a stop-gap measure meant to give some financial relief to health care providers, which analysts say are losing millions of dollars per day because of the outage. Some US officials and health care executives told CNN it may be weeks before Change Healthcare returns to normal operations.

"Once standard payment operations resume, the funds will simply need to be repaid," the company said in a statement. Change Healthcare has been under pressure from senior US officials to get their systems back online. Officials from the White House and multiple federal agencies, including the department of Health and Human Services, have been concerned by the broad financial and health impact of the hack and have been pressing for ways to get Change Healthcare back online, sources told CNN...

In a message on its website Friday afternoon, Change Healthcare also said that it was launching a new version of its online prescribing service following the cyberattack.

Thanks to Slashdot reader CaptainDork for sharing the news.

United States

Helium Discovery In Northern Minnesota May Be Biggest Ever In North America (cbsnews.com) 34

An anonymous reader quotes a report from CBS News: Scientists and researchers are celebrating what they call a "dream" discovery after an exploratory drill confirmed a high concentration of helium buried deep in Minnesota's Iron Range. Thomas Abraham-James, CEO of Pulsar Helium, said the confirmed presence of helium could be one of the most significant such finds in the world. CBS News Minnesota toured the drill site soon after the drill rig first broke ground at the beginning of February. The discovery happened more than three weeks later at about 2 a.m. Thursday, as a drill reached its depth of 2,200 feet below the surface. According to Abraham-James, the helium concentration was measured at 12.4%, which is higher than forecasted and roughly 30 times the industry standard for commercial helium. "12.4% is just a dream. It's perfect," he said.

Now that helium is confirmed to be underground in Babbitt, Abraham-James said the next phase of the project is a feasibility study by an independent third party to study the size of the well and whether it could support a full-service helium plant. "It's not just about drilling one hole, but now proving up the geological models, being able to get some really good data that wasn't captured in the original discovery," he explained. "It has the potential to really contribute to local society." The company said the feasibility study could take until the end of the year to complete.

Government

Government Watchdog Hacked US Federal Agency To Stress-Test Its Cloud Security (techcrunch.com) 21

In a series of tests using fake data, a U.S. government watchdog was able to steal more than 1GB of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The experiment is detailed in a new report by the Department of the Interior's Office of the Inspector General (OIG), published last week. TechCrunch reports: The goal of the report was to test the security of the Department of the Interior's cloud infrastructure, as well as its "data loss prevention solution," software that is supposed to protect the department's most sensitive data from malicious hackers. The tests were conducted between March 2022 and June 2023, the OIG wrote in the report. The Department of the Interior manages the country's federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud. According to the report, in order to test whether the Department of the Interior's cloud infrastructure was secure, the OIG used an online tool called Mockaroo to create fake personal data that "would appear valid to the Department's security tools."

The OIG team then used a virtual machine inside the Department's cloud environment to imitate "a sophisticated threat actor" inside of its network, and subsequently used "well-known and widely documented techniques to exfiltrate data." "We used the virtual machine as-is and did not install any tools, software, or malware that would make it easier to exfiltrate data from the subject system," the report read. The OIG said it conducted more than 100 tests in a week, monitoring the government department's "computer logs and incident tracking systems in real time," and none of its tests were detected or prevented by the department's cybersecurity defenses.

"Our tests succeeded because the Department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data," said the OIG's report. "In the years that the system has been hosted in a cloud, the Department has never conducted regular required tests of the system's controls for protecting sensitive data from unauthorized access." That's the bad news: The weaknesses in the Department's systems and practices "put sensitive [personal information] for tens of thousands of Federal employees at risk of unauthorized access," read the report. The OIG also admitted that it may be impossible to stop "a well-resourced adversary" from breaking in, but with some improvements, it may be possible to stop that adversary from exfiltrating the sensitive data.

Cellphones

The FBI Is Using Push Notifications To Catch Sexual Predators (gizmodo.com) 34

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

United States

US Will Investigate National Security Risks Posed By Chinese-made 'Smart Cars' (nbcnews.com) 68

Citing potential national security risks, the Biden administration says it will investigate Chinese-made "smart cars" that can gather sensitive information about Americans driving them. From a report: The probe could lead to new regulations aimed at preventing China from using sophisticated technology in electric cars and other so-called connected vehicles to track drivers and their personal information. Officials are concerned that features such as driver assistance technology could be used to effectively spy on Americans.

While the action stops short of a ban on Chinese imports, President Joe Biden said he is taking unprecedented steps to safeguard Americans' data. "China is determined to dominate the future of the auto market, including by using unfair practices," Biden said in a statement Thursday. "China's policies could flood our market with its vehicles, posing risks to our national security. I'm not going to let that happen on my watch." Biden and other officials noted that China has imposed wide-ranging restrictions on American autos and other foreign vehicles.

Commerce Secretary Gina Raimondo said connected cars "are like smart phones on wheels" and pose a serious national security risk.
