Robotics

China is Already Testing AI-Powered Humanoid Robots in Factories (msn.com) 71

The U.S. and China "are racing to build a truly useful humanoid worker," the Wall Street Journal wrote Saturday, adding that "Whoever wins could gain a huge edge in countless industries."

"The time has come for robots," Nvidia's chief executive said at a conference in March, adding "This could very well be the largest industry of all." China's government has said it wants the country to be a world leader in humanoid robots by 2027. "Embodied" AI is listed as a priority of a new $138 billion state venture investment fund, encouraging private-sector investors and companies to pile into the business. It looks like the beginning of a familiar tale. Chinese companies make most of the world's EVs, ships and solar panels — in each case, propelled by government subsidies and friendly regulations. "They have more companies developing humanoids and more government support than anyone else. So, right now, they may have an edge," said Jeff Burnstein [president of the Association for Advancing Automation, a trade group in Ann Arbor, Michigan]....

Humanoid robots need three-dimensional data to understand physics, and much of it has to be created from scratch. That is where China has a distinct edge: The country is home to an immense number of factories where humanoid robots can absorb data about the world while performing tasks. "The reason why China is making rapid progress today is because we are combining it with actual applications and iterating and improving rapidly in real scenarios," said Cheng Yuhang, a sales director with Deep Robotics, one of China's robot startups. "This is something the U.S. can't match." UBTech, the startup that is training humanoid robots to sort and carry auto parts, has partnerships with top Chinese automakers including Geely... "A problem can be solved in a month in the lab, but it may only take days in a real environment," said a manager at UBTech...

With China's manufacturing prowess, a locally built robot could eventually cost less than half as much as one built elsewhere, said Ming Hsun Lee, a Bank of America analyst. He said he based his estimates on China's electric-vehicle industry, which has grown rapidly to account for roughly 70% of global EV production. "I think humanoid robots will be another EV industry for China," he said. The UBTech robot system, called Walker S, currently costs hundreds of thousands of dollars including software, according to people close to the company. UBTech plans to deliver 500 to 1,000 of its Walker S robots to clients this year, including the Apple supplier Foxconn. It hopes to increase deliveries to more than 10,000 in 2027.

Few companies outside China have started selling AI-powered humanoid robots. Industry insiders expect the competition to play out over decades, as the robots tackle more-complicated environments, such as private homes.

The article notes "several" U.S. humanoid robot producers, including the startup Figure. And robots from Amazon's Agility Robotics have been tested in Amazon warehouses since 2023. "The U.S. still has advantages in semiconductors, software and some precision components," the article points out.

But "Some lawmakers have urged the White House to ban Chinese humanoids from the U.S. and further restrict Chinese robot makers' access to American technology, citing national-security concerns..."

Transportation

'Why Did the Government Declare War on My Adorable Tiny Truck?' (bloomberg.com) 176

Automotive historian Dan Albert loves the "adorable tiny truck" he's driving. It's one of the small Japan-made "kei" pickups and minivans that "make up about a third of car sales in Japan." Americans can legally import older models for less than $10,000, and getting 40 miles per gallon they're "Cheap to buy and run... rugged, practical, no-frills machines — exactly what the American-built pickup truck used to be."

But unfortunately, kei buyers face "bureaucratic roadblocks that states like Massachusetts have erected to keep kei cars and trucks out of the hands of U.S. drivers." Several state departments of motor vehicles (DMVs) have balked at registering the imported machines, saying that they're too unsafe for American streets. Owners have responded with a righteous mix of good humor, lobbying and lawsuits... Kei trucks do not meet the Federal Motor Vehicle Safety Standards, or FMVSS — the highly specific rules US-market new cars must meet. But since 1988, the Imported Vehicle Safety Compliance Act has exempted vehicles that are at least 25 years old from these crash safety standards, allowing drivers to bring over vintage European and Asian market models...

Getting insurance coverage was the next barrier, as the company that had long been underwriting the Albert family's fleet also rejected me, forcing me to seek out a specialty "collector car" insurer. (I did eventually get regular coverage....) Maine, Rhode Island, New York, Pennsylvania, Georgia, Virginia, and Michigan also tightened their rules on registering small Japanese imports in recent years. The culprit, according to the auto enthusiast press, was the American Association of Motor Vehicle Administrators, the trade organization that serves as the lobbying and policy arm of DMVs across North America. Much of AAMVA's work involves integrating the databases of the 69 US and Canadian motor vehicle jurisdictions who are its members, so that a car stolen in one state can't be titled in another... The kei truck's regulatory troubles can be traced to a 2011 AAMVA report, "Best Practices Regarding Registration and Titling of Mini-Trucks," which called for outright bans and encouraged DMVs to lobby state legislatures to outlaw keis entirely.

The Insurance Institute of Highway Safety concurred, telling AAMVA that its recommendation did not go far enough: The IIHS said that keis should join the class of conveyances that the U.S. government calls Low Speed Vehicles, which are mechanically limited to 25 miles per hour or less and should be used only for short local trips on low-speed-limit roads because they can't protect occupants in the event of a collision with a regular vehicle... [But] By 2008, Japan's kei trucks did feature crumple zones and driver airbags in compliance with that country's safety standards...

Despite its name, the Imported Vehicle Safety Compliance Act that lets older cars into the US from overseas isn't really about safety: Car industry lobbyists secured passage of the law to protect dealer profits. Newer keis — which are banned — are safer and cleaner than the 25-year-old ones that can be imported now. (Battery-powered keis debuted in 2009.) But even mine has an airbag, front crumple zone, seatbelt pretensioners, and anti-lock brakes.

The article notes that kei fans have "a distinctly libertarian streak... Some owners I've talked to report forging titles, setting up shell companies in Montana and finding other means of skirting DMV rules."

Thanks to long-time Slashdot reader schwit1 for sharing the article.

Programming

DOGE To Rewrite SSA Codebase In 'Months' (wired.com) 338

Longtime Slashdot reader frank_adrian314159 writes: According to an article in Wired, Elon Musk has appointed a team of technologists from DOGE to "rewrite the code that runs the SSA in months." This codebase has over 60 million lines of COBOL and handles record keeping for all American workers and payments for all Social Security recipients. Given that the code has to track the byzantine regulations dealing with Social Security, it's no wonder that the codebase is this large. What is in question though is whether a small team can rewrite this code "in months." After all, what could possibly go wrong? "The project is being organized by Elon Musk lieutenant Steve Davis ... and aims to migrate all SSA systems off COBOL ... and onto a more modern replacement like Java within a scheduled tight timeframe of a few months," notes Wired.

"Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits."

In 2017, SSA announced a plan to modernize its core systems with a timeline of around five years. However, the work was "pivoted away" because of the pandemic.

United Kingdom

UK Govt Data People Not Technical, Says Ex-Downing St Data Science Head (theregister.com) 11

An anonymous reader shares a report: A former director of data science at the UK prime minister's office has told MPs that people working with data in government are not typically technical and would be unlikely to get a similar job in the private sector.

In a hearing designed to illuminate the challenges facing the Department for Science, Innovation and Technology (DSIT) as it strives to become the digital centre for government, MPs quizzed Laura Gilbert, head of AI for Government, at the Ellison Institute and former director of data science at 10 Downing Street, the prime minister's office.

Members of the House of Commons' Science, Innovation and Technology Committee wanted to know about the performance of the Government Digital Service, which in January was moved from the Cabinet Office to DSIT and merged with the Central Digital and Data Office (CDDO) and the Incubator for AI (i.AI). Gilbert, a particle physicist who has worked in a number of tech industry roles, said one of the challenges was understanding the level of tech skills in the civil service in central government.

Privacy

Oracle Customers Confirm Data Stolen In Alleged Cloud Breach Is Valid (bleepingcomputer.com) 20

An anonymous reader quotes a report from BleepingComputer: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named 'rose87168' claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company. In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach. However, Oracle has denied that it suffered a breach of Oracle Cloud and has refused to respond to any further questions about the incident.

"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer last Friday. This denial, however, contradicts findings from BleepingComputer, which received additional samples of the leaked data from the threat actor and contacted the associated companies. Representatives from these companies, all who agreed to confirm the data under the promise of anonymity, confirmed the authenticity of the information. The companies stated that the associated LDAP display names, email addresses, given names, and other identifying information were all correct and belonged to them. The threat actor also shared emails with BleepingComputer, claiming to be part of an exchange between them and Oracle.

Bitcoin

Fidelity Prepares To Unveil Its Own Stablecoin (binance.com) 32

According to the Financial Times, Fidelity Investments is in advanced stages of developing its own stablecoin. Binance reports: The Boston-based financial services giant plans for the token to serve as a form of digital cash, according to the report, which cites two people close to the matter. The token would form part of the company's strategy to enter the tokenized government bonds market. Stablecoins are a cryptocurrency whose value is pegged to a real-world asset such as the U.S. dollar or gold. They provide a convenient way for crypto traders to preserve their fiat value without having to cash out of the market.

The news emerges just days after Fidelity filed paperwork to register a blockchain-based version of its U.S. dollar money market fund. The company seeks to register an "OnChain" share class of its Treasury Digital Fund (FYHXX), which holds cash and U.S. Treasury securities and is available only to Fidelity's hedge fund and institutional clients. A Fidelity stablecoin could fill the role of cash in this fund.

The report comes a day after World Liberty Financial, a crypto venture backed by Donald Trump and his family, launched a U.S. dollar-pegged stablecoin called USD1.

Businesses

Quitting Your Job Won't Help You Get Paid More Money Right Now (bloomberg.com) 44

Here's one more reason to cling to a steady job: It doesn't pay to quit. From a report: Typically workers who snag a new position see higher pay bumps than those holding down the same job. But in February, median wage growth of 4.4% for job stayers surpassed a 4.2% gain for job switchers, according to data from the Federal Reserve Bank of Atlanta. The change, as measured by a three-month moving average, is yet another sign of a softening labor market. White collar workers have been clinging to their jobs in the face of widespread layoffs and workplace reductions. Last month, employers announced the fastest pace of job cuts since 2020, when factoring in government job losses. And now an oversupply of job seekers means workers are having to settle for smaller pay bumps, said Peter Cappelli, a professor of management at The Wharton School of the University of Pennsylvania.

"That certainly sounds like a big slackening of the job market," Cappelli said. It's a major reversal from the "Great Resignation" a few years ago, when workers left their jobs at unprecedented rates, demanding more benefits and higher pay from employers. At a peak in July 2022, workers who got new jobs saw their wages grow by a whopping 8.5% compared to 5.9% for those who stayed loyal to their company, Atlanta Fed data show.

Google

Apple Barred From Google Antitrust Trial, $20 Billion Search Deal at Risk (arstechnica.com) 15

A U.S. appeals court has ruled that Apple cannot participate in Google's upcoming antitrust trial, potentially jeopardizing a $20 billion annual deal between the tech giants. The DC Circuit Court of Appeals affirmed that Apple waited too long to join the proceedings, filing its request 33 days after the government proposed remedies in the case Google lost last August.

"The delay seems difficult to justify," the judges ruled. While Apple can still submit written testimony and file friend-of-court briefs, it cannot present evidence or cross-examine witnesses as it had sought. At stake is Google's practice of paying Apple approximately $20 billion annually to remain the default search engine in Safari browsers across Apple devices. The government's proposed remedies would make such arrangements impermissible.

China

'China's Engineer Dividend Is Paying Off Big Time' 115

An anonymous reader shares a Bloomberg column: Worries over China's "3D" problem -- that deflation, debt and demographics are structurally hampering growth -- are melting away. Instead, investors are talking about how the world's second-largest economy can take on the US and challenge its technological dominance. There is the prevailing sense that China's "engineer dividend" is finally paying off. Between 2000 and 2020, the number of engineers has ballooned from 5.2 million to 17.7 million, according to the State Council. That reservoir can help the nation move up the production possibility frontier, the thinking goes.

In a way, DeepSeek shouldn't have come as a surprise. Size matters. A bigger talent pool alone gives China a better chance to disrupt. In 2022, 47% of the world's top 20th percentile AI researchers finished their undergraduate studies in China, well above the 18% share from the US, according to data from the Paulson Institute's in-house think tank, MacroPolo. Last year, the Asian nation ranked third in the number of innovation indicators compiled by the World Intellectual Property Organization, after Singapore and the US. What this also means is that innovative breakthroughs can pop out of nowhere. [...]

More importantly, China's got the cost advantage. Those under the age of 30 account for 44% of the total engineering pool, versus 20% in the US, according to data compiled by Kaiyuan Securities. As a result, compensation for researchers is only about one-eighth of that in the US. Credit must be given to President Xi Jinping for his focus on higher education as he seeks to upgrade China's value chain. These days, roughly 40% of high-school graduates go to universities, versus 10% in 2000. Meanwhile, engineering is one of the most popular majors for post-graduate studies. It's a welcome reprieve for a government that has been struggling with a shrinking population.

The Internet

Why the Internet Archive is More Relevant Than Ever (npr.org) 64

It's "live-recording the World Wide Web," according to NPR, with a digital library that includes "hundreds of billions of copies of government websites, news articles and data."

They described the 29-year-old nonprofit Internet Archive as "more relevant than ever." Every day, about 100 terabytes of material are uploaded to the Internet Archive, or about a billion URLs, with the assistance of automated crawlers. Most of that ends up in the Wayback Machine, while the rest is digitized analog media — books, television, radio, academic papers — scanned and stored on servers. As one of the few large-scale archivists to back up the web, the Internet Archive finds itself in a particularly unique position right now... Thousands of [U.S. government] datasets were wiped — mostly at agencies focused on science and the environment — in the days following Trump's return to the White House...

The Internet Archive is among the few efforts that exist to catch the stuff that falls through the digital cracks, while also making that information accessible to the public. Six weeks into the new administration, Wayback Machine director [Mark] Graham said, the Internet Archive had cataloged some 73,000 web pages that had existed on U.S. government websites that were expunged after Trump's inauguration...

According to Graham, based on the big jump in page views he's observed over the past two months, the Internet Archive is drawing many more visitors than usual to its services — journalists, researchers and other inquiring minds. Some want to consult the archive for information lost or changed in the purge, while others aim to contribute to the archival process.... "People are coming and rallying behind us," said Brewster Kahle, [the founder and current director of the Internet Archive], "by using it, by pointing at things, helping organize things, by submitting content to be archived — data sets that are under threat or have been taken down...."

A behemoth of link rot repair, the Internet Archive rescues a daily average of 10,000 dead links that appear on Wikipedia pages. In total, it's fixed more than 23 million rotten links on Wikipedia alone, according to the organization.

Though it receives some money for its preservation work for libraries, museums, and other organizations, it's also funded by donations. "From the beginning, it was important for the Internet Archive to be a nonprofit, because it was working for the people," explains founder Brewster Kahle on its donations page: Its motives had to be transparent; it had to last a long time. That's why we don't charge for access, sell user data, or run ads, even while we offer free resources to citizens everywhere. We rely on the generosity of individuals like you to pay for servers, staff, and preservation projects. If you can't imagine a future without the Internet Archive, please consider supporting our work. We promise to put your donation to good use as we continue to store over 99 petabytes of data, including 625 billion webpages, 38 million texts, and 14 million audio recordings.
Two interesting statistics from NPR's article:

Thanks to long-time Slashdot reader jtotheh for sharing the news.


Government

US Security Agencies Halt Coordinated Effort to Counter Russian Sabotage and Cyberattacks (yahoo.com) 146

Reuters reported this week that several U.S. national security agencies "have halted work on a coordinated effort to counter Russian sabotage, disinformation and cyberattacks..." The plan was led by the president's National Security Council (NSC) and involved at least seven national security agencies working with European allies to disrupt plots targeting Europe and the United States, seven former officials who participated in the working groups told Reuters... [S]ince Trump took office on January 20 much of the work has come to a standstill, according to eleven current and former officials, all of whom requested anonymity to discuss classified matters... Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies...

The FBI last month ended an effort to counter interference in U.S. elections by foreign adversaries including Russia and put on leave staff working on the issue at the Department of Homeland Security. The Department of Justice also disbanded a team that seized the assets of Russian oligarchs... Department of Homeland Security Assistant Secretary Tricia McLaughlin told Reuters the agency had placed on administrative leave personnel working on misinformation and disinformation on its election security team, without elaborating further.

The Media

'Wired' Drops Paywalls for Articles Based on Public Records Requests, Urges Other Sites to Follow (freedom.press) 26

Wired's web site "is going to stop paywalling articles that are primarily based on public records obtained through the Freedom of Information Act," their global editorial director announced this week: They're called public records for a reason, after all. And access to public documents is more important than ever at this moment, with government websites and records disappearing... [S]ome may argue that, from a business standpoint, not charging for stories primarily relying on public records automatically means fewer subscriptions and therefore less revenue. We disagree.

Sure, the FOIA process is time- and labor-intensive. Reporters face stonewalling, baseless denials, lengthy appeals processes, and countless other obstacles and delays. Investigative reports based on public records are among the most expensive stories to produce and share with the public... But while some readers might not subscribe to outlets that give away some of their best journalism for free, it's just as possible that readers will recognize this sacrifice and reward these outlets with more traffic and subscriptions in the long run...

We hope others will follow Wired's lead (and shoutout to outlets like 404 Media that also make their FOIA-based reporting available for free). We also hope those who stand to benefit from these outlets' leadership (that's you, reader) will do their part and subscribe if you can afford it. They're not asking for an arm and a leg... The Fourth Estate needs to step up and invest in serving the public during these unprecedented times. And the public needs to return the favor and support quality journalism, so that hopefully one day we can do away with those annoying paywalls altogether.

NASA

NASA Considers Eliminating Its Headquarters in Washington D.C. (politico.com) 84

NASA is considering "closing its headquarters and scattering responsibilities among the states," reports Politico, citing two people familiar with the plan. "The proposal could affect up to 2,500 jobs and redistribute critical functions, including who manages space exploration and organizes major science missions." While much of the day-to-day work occurs at NASA's 10 centers, the Washington office plays a strategic role in lobbying for the agency's priorities in Congress, ensuring the White House supports its agenda and partnering with foreign countries on critical space projects. Some of the headquarters' offices might remain in Washington, the people said, but it's not clear which ones those would be or who would keep their jobs...

One of the biggest fallouts is the damage it could do to coordination among NASA leadership on pressing issues... It would also limit cooperation with international partners on space, which is often done through embassies in Washington. NASA works with foreign partners on a range of projects, including the International Space Station and returning to the moon. The European Space Agency, for example, plans to provide modules for Gateway, a lunar space station that is central to NASA's Artemis program to land American astronauts back on the moon... The agency also helps coordinate support from foreign nations for the Artemis accords, which set goals for transparency and data sharing — and help create a level of trust in an unregulated part of the universe.

But the reallocation could have some benefits. Such a move would bring headquarters employees closer to the processes they manage. And it would give legislative liaison staff a chance to interact with lawmakers in their districts. "You're probably getting a lot more time with [lawmakers] at the local center or hosting events in the state or district," said Tom Culligan, a longtime space lobbyist.

China

China Explores Limiting Its EV and Battery Exports For US Tariff Negotiations (msn.com) 160

"China is considering trying to blunt greater U.S. tariffs and other trade barriers," reports the Wall Street Journal, "by offering to curb the quantity of certain goods exported to the U.S., according to advisers to the Chinese government." Tokyo's adoption of so-called voluntary export restraints, or VERs, to limit its auto shipments to the U.S. in the 1980s helped prevent Washington from imposing higher import duties. A similar move from Beijing, especially in sectors of key concern to Washington, like electric vehicles and batteries, would mitigate criticism from the U.S. and others over China's "economic imbalances": heavily subsidized companies making stuff for slim profits but saturating global markets, to the detriment of other countries' manufacturers...

The Xi leadership has indicated a desire to cut a deal with the Trump administration to head off greater trade attacks... Similar to Japan, the Chinese advisers say, Beijing may also consider negotiating export restraints on EVs and batteries in return for investment opportunities in those sectors in the U.S. In some officials' views, they say, that might be an attractive offer to Trump, who at times has indicated an openness to more Chinese investment in the U.S. even though members of his administration firmly oppose it.

The article notes agreements like this are also hard to enforce, "particularly when Chinese companies export to the U.S. from third countries including Mexico and Vietnam."

Government

Six Countries Named as 'Likely' Purchasers of Paragon's Cellphone Spyware (techcrunch.com) 15

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore "are likely customers of Israeli spyware maker Paragon Solutions," reports TechCrunch, "according to a new technical report by a renowned digital security lab." On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report about the Israeli-founded surveillance startup, identifying the six governments as "suspected Paragon deployments."

At the end of January, WhatsApp notified around 90 users that the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live... Paragon's executive chairman John Fleming told TechCrunch that the company "licenses its technology to a select group of global democracies — principally, the United States and its allies." Israeli news outlets reported in late 2024 that U.S. venture capital AE Industrial Partners had acquired Paragon for at least $500 million upfront....

Among the suspected customer countries, Citizen Lab singled out Canada's Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP.

In a related development the Guardian reports that a prominent activist in Italy "has warned the international criminal court that his mobile phone was under surveillance" when he was providing them confidential information about torture victims in Libya.

Both articles submitted by long-time Slashdot reader ISayWeOnlyToBePolite.

Government

Was Undersea Cable Sabotage Part of a Larger Pattern? (apnews.com) 83

Was the cutting of undersea cables part of a larger pattern? Russia and its proxies are accused by western officials of "staging dozens of attacks and other incidents across Europe since the invasion of Ukraine three years ago," reports the Associated Press.

That includes cyberattacks and committing acts of sabotage/vandalism/arson, as well as spreading propaganda and even plotting killings, according to the article. ("Western intelligence agencies uncovered what they said was a Russian plot to kill the head of a major German arms manufacturer that is a supplier of weapons to Ukraine...") The news agency documented 59 incidents "in which European governments, prosecutors, intelligence services or other Western officials blamed Russia, groups linked to Russia or its ally Belarus." [Western officials] allege the disruption campaign is an extension of Russian President Vladimir Putin's war, intended to sow division in European societies and undermine support for Ukraine... The incidents range from stuffing car tailpipes with expanding foam in Germany to a plot to plant explosives on cargo planes. They include setting fire to stores and a museum, hacking that targeted politicians and critical infrastructure, and spying by a ring convicted in the U.K. Richard Moore, the head of Britain's foreign intelligence service, called it a "staggeringly reckless campaign" in November...

The cases are varied, and the largest concentrations are in countries that are major supporters of Ukraine... In about a quarter of the cases, prosecutors have brought charges or courts have convicted people of carrying out the sabotage. But in many more, no specific culprit has been publicly identified or brought to justice.

Despite that, "more and more governments are publicly attributing attacks to Russia," the article points out.

This week a nonprofit, bipartisan think tank on global policy released a report which "found that Russian attacks in Europe quadrupled from 2022 to 2023 and then tripled again from 2023 to 2024," reports the New York Times. Prime Minister Donald Tusk of Poland noted in a social media post on Monday that Lithuanian officials had confirmed his assessment that Russia was responsible for a series of fires in shopping centers in Warsaw and Vilnius, the Lithuanian capital...
United States

US Release of Unredacted JFK Files 'Doxxed' Officials, Including Social Security Numbers (usatoday.com) 81

"I intend to sue the National Archives," said Joseph diGenova, an 80-year-old former Trump campaign lawyer (and a U.S. Attorney from 1983 to 1988). While releasing 63,000 unredacted pages about the 1963 assassination of President Kennedy, the U.S. government erroneously "made public the Social Security numbers and other sensitive personal information of potentially hundreds of former congressional staffers and other people," reports USA Today. ("It is virtually impossible to tell the scope of the breach because the National Archives put them online without a way to search them by keyword, some JFK files experts and victims of the information release told USA TODAY...")

Mark Zaid, a national security lawyer who represented current and former spies and other officials in cases against the government, told USA Today that he "saw a few names I know and I informed them of the breach... Hundreds were doxxed but of that number I don't know how many are still living." Zaid, who has fought for decades for the JFK records to be made public, said many of the thousands of investigative documents had been made public long ago with everything declassified and unredacted except for the personal information. Releasing that information now, he told USA TODAY, poses significant threats to those whose information is now public, including dates and places of birth, but especially their Social Security numbers. "The purpose of the release was to inform the public about the JFK assassination, not to help permit identity theft of those who actually investigated the events of that day," Zaid said. The Associated Press reported Thursday afternoon that government officials "said they are still screening the records to identify all the Social Security numbers that were released." One of the newly unredacted documents... discloses the Social Security numbers of more than two dozen people seeking security clearances in the 1990s to review JFK-related documents for the Assassination Records Review Board.
Open Source

'Unaware and Uncertain': Report Finds Widespread Unfamiliarity With 2027's EU Cyber Resilience Requirements (linuxfoundation.org) 6

Two "groundbreaking research reports" on open source security were announced this week by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe. The reports specifically address the EU's Cyber Resilience Act (or CRA) and "highlight knowledge gaps and best practices for CRA compliance."

"Unaware and Uncertain: The Stark Realities of CRA-Readiness in Open Source" includes a survey which found that when it comes to CRA requirements, 62% of respondents were either "not familiar at all" (36%) or "slightly familiar" (26%) — while 51% weren't sure about its deadlines. ("Only 28% correctly identified 2027 as the target year for full compliance," according to one infographic, which adds that CRA "is expected to drive a 6% average price increase, though 53% of manufacturers are still assessing pricing impacts.") Manufacturers, who bear primary responsibility, lack readiness — many [46%] passively rely on upstream security fixes, and only a small portion produce Software Bills of Materials (SBOMs). The report recommends that manufacturers take a more active role in open source security, that more funding and legal support is needed to support security practices, and that clear regulatory guidance is essential to prevent unintended negative impacts on open source development.
The research also provides "an in-depth analysis of how open collaboration can strengthen software security and innovation across global markets," with another report that "examines how three Linux Foundation projects are meeting the CRA's minimum compliance requirements" and "provides insight on the elements needed to ensure leadership in cybersecurity best practices." (It also includes CRA-related resources.)

"These two reports offer actionable conclusions for open source stakeholders to ready themselves for 2027, when the CRA comes into force," according to a Linux Foundation research executive cited in the announcement. "We hope that these reports catalyze higher levels of collaboration across the open source community."
Encryption

France Rejects Backdoor Mandate (eff.org) 10

The French National Assembly has rejected a controversial provision that would have forced messaging platforms like Signal and WhatsApp to allow government access to encrypted private conversations, lawmakers voted Thursday night. The measure, embedded within anti-drug trafficking legislation, would have implemented a "ghost participant model" allowing law enforcement to silently join encrypted chats without users' knowledge.
United States

US Removes Tornado Cash Sanctions (coindesk.com) 23

The U.S. Treasury Department's sanctions watchdog removed cryptocurrency mixing tool Tornado Cash from its global blacklist on Friday, following a federal appeals court ruling last November that the Office of Foreign Assets Control couldn't sanction its smart contracts. Despite the delisting of over 100 Ethereum addresses from the Specially Designated Nationals list, Treasury Secretary Scott Bessent emphasized continuing concerns about North Korea's digital asset theft operations.

"We remain deeply concerned about the significant state-sponsored hacking and money laundering campaign aimed at stealing, acquiring, and deploying digital assets for the Democratic People's Republic of Korea," Treasury stated. Roman Storm, Tornado Cash co-founder, still faces a July criminal trial for his alleged development role. A Treasury court filing Monday had warned that completely lifting sanctions could have "significantly disruptive consequences for national security."
