Privacy

Will ID.Me Destroy the Data of the 7 Million Americans Already Directed to Its Face-Scanning Service? (msn.com) 26

America's Internal Revenue Service abandoned plans to make face-scanning mandatory for access to your tax records.

Unfortunately, before this change of heart the IRS had already directed 7 million Americans to facial recognition vendor ID.me, reports the Washington Post. Now the chair of the House Oversight Committee is urging IRS Commissioner Charles Rettig to instruct ID.me to destroy the biometric data and ensure the data isn't used for "unapproved or unauthorized purposes." "Those Americans' highly personal information may continue to be held by a third party outside of the IRS's direct control — increasing the potential for exposure due to bad actors and other cybersecurity incidents," [head of the committee] Maloney wrote.... ID.me said on Wednesday that it would drop the facial recognition requirement in its software, which is used by 30 states and 10 federal agencies. The company also told The Washington Post that effective March 1, anyone would be able to delete their selfie or photo data....

The letter follows years of controversy over the government's expanding use of facial recognition software, despite warnings from the General Services Administration that the face-scanning technology has too many problems to justify its use.... There is no federal law regulating how facial recognition can be used or how it should be secured....

Maloney also writes that 13 percent of ID.me users since June had struggled to use the software and were referred to customer service, where representatives would attempt to verify their identities over video chat. The letter says this underscores the "widespread issues related to the use of the nascent facial recognition technology."

In fact, the Verge reports that "Internal documents and former ID.me employees say the company was beset by disorganization and staffing shortages throughout 2021, as shortcomings in the automated systems created tensions among the company's workforce, particularly the human verification workers who have to step in when the algorithms fail." Current and former employees who spoke to The Verge paint a picture of a company described as being in "permanent crisis mode," changing policies rapidly to keep up with fluctuating demand for its services and fight a slew of negative press. In particular, they say a lack of human review capacity has been a chokepoint for the company, leading to stress, pressure, and a failure to meet quality standards. It's an unexpected challenge for a biometrics system that's usually seen as automatic, pointing to the often-ignored workers needed to support automated systems at scale.

When the automated systems fail — ID.me says roughly 10 percent of users will need video chat assistance — it's workers and subjects who are left to manage the consequences.... To keep up with demand, the company added 1,300 new employees between January and September 2021, including 500 to be based in a new office in Tampa, Florida, dedicated to customer support. But as adoption increased, so did complaints. A Vice report found dozens of complaints from applicants who said they had been locked out of unemployment benefits when ID.me's verification service had failed to identify them. When the automated system failed, applicants often faced long wait times to reach human reviewers, according to the report — wait times that became even more burdensome and difficult to navigate for people without access to reliable internet connections....

Many staff were unhappy about the end of work-from-home policies, which were being phased out at the company at the same time as first the delta and then omicron variants hit the US. As in-office staffing levels rose, more ID.me employees began to contract COVID at work, sources said, in some cases taking whole teams offline at once.

One ID.me employee complained to the Verge that "In terms of worker treatment, it's like the Amazon of identity protection."

The article also notes that an ID.me video chat agent was terminated after engaging in "inappropriate conduct," and while the company added new procedures to prevent this, "sources said that these quality checks have begun to fall by the wayside under the pressure of clearing through the backlog of video verification requests."
Desktops (Apple)

Zoom Update Prevents Microphone From Staying Active After Calls On Mac (9to5mac.com) 16

Popular video conferencing platform Zoom this week released an important update to its macOS app following user reports about the microphone not being disabled after ending a conference. Luckily, according to the company, this was just a bug that has now been fixed. 9to5Mac reports: Since December last year, a number of users have been complaining about this bug in the Zoom Community (via The Register). According to them, the Mac's microphone stayed active even after ending a Zoom conference -- which certainly raised privacy concerns.

Zoom has confirmed that there was a bug in its macOS app that could cause the orange microphone-in-use indicator to appear even after leaving a call. According to a company representative, the latest version of the app no longer has this problem: "We experienced a bug relating to the Zoom client for macOS, which could show the orange indicator light continue to appear after having left a meeting, call, or webinar. This bug was addressed in the Zoom client for macOS version 5.9.3 and we recommend you update to version 5.9.3 to apply the fix."

Privacy

'I Used Apple AirTags, Tiles and a GPS Tracker To Watch My Husband's Every Move' (nytimes.com) 77

An anonymous reader quotes a report from the New York Times, written by journalist Kashmir Hill: In mid-January, my husband and I were having an argument. Our 1-year-old had just tested positive for Covid-19 and was occasionally grunting between breaths. I called urgent care and was told we should take her to the emergency room. But, because I had been up all night with her, I was too exhausted to drive. "I'm worried," I told my husband. "I want you to take her to the hospital." "Doctors always tell us to take the baby to the E.R. whenever we call about anything," he replied, exasperated. (This was true.) "She is fine. She is eating and playing and happy. This is not an emergency." He eventually caved and set out for the hospital a half-hour away. Knowing he was already annoyed by me, I did not want to pepper him with questions about how it was going. Instead, I turned to the location-monitoring devices that I had secretly stashed in our car a week earlier.

I put a quarter-sized Apple AirTag in a seat pocket; a flat, credit card-shaped Bluetooth tracker made by Tile in a dashboard pocket; and a hockey-puck-like GPS tracker from a company called LandAirSea in the glove compartment. I realize I sound like the worst wife ever, so let me explain. It was for journalism. [...] I shared the feed from the LandAirSea GPS tracker with the photographer Todd Heisler so he could follow my husband around New York City. When my colleague and I reported on this, experts we spoke with were of two minds about Apple's attempts to prevent nefarious use, with some saying the alerts were inadequate and others praising the company for unearthing a larger problem: widespread surreptitious tracking, usually done with devices that don't notify a person of their presence. I decided to examine both claims by planting three AirTags, three Tiles, and a GPS tracker on my husband and his belongings to see how precisely they revealed his movements and which ones he discovered. [...]

Thirty minutes after my husband and youngest departed for the hospital, I opened an app linked to the most precise tracker in my arsenal, the $30 LandAirSea device. To activate it costs extra, because it needs a cellular plan to relay where global positioning satellites have placed it. I chose the cheapest plan, $19.95 monthly, to get location updates every three minutes; the most expensive plan, for updates every three seconds, was $49.95. The app has an "InstaFence" feature that can alert me when the car moves, and a "Playback" option to show where the car has been, so I could see the exact route on windy roads my husband had taken. I saw that he parked at 4:55 p.m., so I wasn't surprised when I got a text from him 12 minutes later reporting that they were in the waiting room. The other trackers in the car -- the $34.99 Tile and $29 AirTag -- didn't work as well in real time out in the sparsely populated area where we live. The AirTag, designed to find keys left behind "at the beach," took an hour or so to reveal that the car was in the hospital parking lot. The Tile, intended to "find misplaced things nearby and far away," never realized it had moved from our garage. That's because these devices rely on Bluetooth technology.
Hill went on to say that she hid an AirTag in her husband's backpack, which became her most powerful tracker, "outperforming the GPS device, and allowing me to tell a photographer exactly where he was at all times."

"Within two hours of my putting all the trackers in our car, my husband, who has an iPhone, got an alert about the AirTag, after running an errand," adds Hill. "The problem was that he couldn't find it. [...] The one time his iPhone connected to the AirTag in the car, so he could play the noise, it was so hard to tell where it was coming from that he gave up looking for it after five minutes."

In response to the surreptitious tracking, Hill's husband said: "For all the bad press the AirTags have gotten, and as flaky as the detection mechanisms were, at least I was consistently getting notifications they were following me. The privacy dangers of the other trackers were way worse."
Google

Google's Privacy Sandbox Ad-tracking Overhaul Clears Major Regulatory Hurdle (theverge.com) 12

Google's plan to phase out third-party cookies and replace them with a bundle of new standards referred to as the "Privacy Sandbox" just overcame a key regulatory hurdle. From a report: The UK's competition regulator, the Competition and Markets Authority (CMA), has formally accepted Google's commitments about how it'll develop the new standards so they don't harm competition or unfairly benefit the search giant's own advertising business, the regulator announced today. Google's plans are still in flux, and it's not yet clear exactly what technologies Privacy Sandbox will use to replace third-party cookies. Just last month, Google abandoned one planned approach, FLoC, in favor of a new system called Topics API. Today's approval is for Google's approach, rather than any one specific technology. The regulator notes that in the next phase it will "supervise Google to ensure the Privacy Sandbox is developed in a way that benefits consumers."
EU

France's Privacy Watchdog Latest To Find Google Analytics Breaches GDPR (techcrunch.com) 59

An anonymous reader quotes a report from TechCrunch: Use of Google Analytics has now been found to breach European Union privacy laws in France -- after a similar decision was reached in Austria last month. The French data protection watchdog, the CNIL, said today that an unnamed local website's use of Google Analytics is non-compliant with the bloc's General Data Protection Regulation (GDPR) -- breaching Article 44 which covers personal data transfers outside the bloc to so-called third countries which are not considered to have essentially equivalent privacy protections. The U.S. fails this critical equivalence test on account of having sweeping surveillance laws which do not provide non-U.S. citizens with any way to know whether their data is being acquired, how it's being used or to seek redress for any misuse.

France's CNIL has been investigating one of 101 complaints filed by European privacy advocacy group, noyb, back in August 2020 -- after the bloc's top court invalidated the EU-U.S. Privacy Shield agreement on data transfers. Since then (indeed, long before) the legality of transatlantic transfers of personal data has been clouded in uncertainty. While it has taken EU regulators some time to act on illegal data transfers -- despite an immediate warning from the European Data Protection Board of no grace period in the wake of the July 2020 CJEU ruling (aka 'Schrems II') -- decisions are now finally starting to flow. Including another by the European Data Protection Supervisor last month, also involving Google Analytics. In France, the CNIL has ordered the website which was the target of one of noyb's complaints to comply with the GDPR -- and "if necessary, to stop using this service under the current conditions" -- giving it a deadline of one month to comply.

"[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these are not sufficient to exclude the accessibility of this data for U.S. intelligence services," the CNIL writes in a press release announcing the decision. "There is therefore a risk for French website users who use this service and whose data is exported." The CNIL does leave open the door to continued use of Google Analytics -- but only with substantial changes that would ensure only "anonymous statistical data" gets transferred. The French regulator is also very emphatic that under "current conditions" use of Google Analytics is non-compliant -- and may therefore need to cease in order for the site in question to comply with the GDPR. The CNIL also suggests use of an alternative analytics tool which does not involve a transfer outside the EU to end the breach. Additionally, it says it's launched an evaluation program to determine which website audience measurement and analysis services may be exempt from the need to obtain user consent (i.e. because they only produce anonymous statistical data which can be exported legally under GDPR). Which suggests the CNIL could issue guidance in future that recommends GDPR compliant alternatives to Google Analytics.

Government

Senators: Newly Declassified Documents Reveal Previously Secret CIA Bulk Collection (washingtonpost.com) 114

An anonymous reader quotes a report from the Washington Post: The CIA has a secret, undisclosed data repository that includes information collected about Americans, two Democrats on the Senate Intelligence Committee said Thursday. While neither the agency nor lawmakers would disclose specifics about the data, the senators alleged the CIA had long hidden details about the program from the public and Congress. Sens. Ron Wyden of Oregon and Martin Heinrich of New Mexico sent a letter to top intelligence officials calling for more details about the program to be declassified. Large parts of the letter, which was sent in April 2021 and declassified Thursday, and documents released by the CIA were blacked out. Wyden and Heinrich said the program operated "outside the statutory framework that Congress and the public believe govern this collection."

"CIA recognizes and takes very seriously our obligation to respect the privacy and civil liberties of U.S. persons in the conduct of our vital national security mission," Kristi Scott, the agency's privacy and civil liberties officer, said in a statement. "CIA is committed to transparency consistent with our obligation to protect intelligence sources and methods." The CIA released a series of redacted recommendations about the program issued by an oversight panel known as the Privacy and Civil Liberties Oversight Board. According to the document, a pop-up box warns CIA analysts using the program that seeking any information about U.S. citizens or others covered by privacy laws requires a foreign intelligence purpose. "However, analysts are not required to memorialize the justification for their queries," the board said.

According to Wyden and Heinrich's letter, the CIA's bulk collection program operates outside of laws passed and reformed by Congress, but under the authority of Executive Order 12333, the document that broadly governs intelligence community activity and was first signed by President Ronald Reagan in 1981. "It is critical that Congress not legislate without awareness of a ... CIA program, and that the American public not be misled into believing that the reforms in any reauthorization legislation fully cover the IC's collection of their records," the senators wrote in their letter. There was a redaction in the letter before "CIA program." Additional documents released by the CIA Thursday also revealed limited details about a program to collect financial data against the Islamic State. That program also has incidentally snared some records held by Americans.
"These reports raise serious questions about the kinds of information the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans," Patrick Toomey, a lawyer for the American Civil Liberties Union, said in a statement. "The CIA conducts these sweeping surveillance activities without any court approval, and with few, if any, safeguards imposed by Congress."
Facebook

New Algorithm Bill Could Force Facebook To Change How the News Feed Works (theverge.com) 97

A new bipartisan bill, introduced on Wednesday, could mark Congress' first step toward addressing algorithmic amplification of harmful content. The Social Media NUDGE Act, authored by Sens. Amy Klobuchar (D-MN) and Cynthia Lummis (R-WY), would direct the National Science Foundation and the National Academy of Sciences, Engineering and Medicine to study "content neutral" ways to add friction to content-sharing online. From a report: The bill instructs researchers to identify a number of ways to slow down the spread of harmful content and misinformation, whether through asking users to read an article before sharing it (as Twitter has done) or other measures. The Federal Trade Commission would then codify the recommendations and mandate that social media platforms like Facebook and Twitter put them into practice. "For too long, tech companies have said 'Trust us, we've got this,'" Klobuchar said in a statement on Thursday. "But we know that social media platforms have repeatedly put profits over people, with algorithms pushing dangerous content that hooks users and spreads misinformation."
Privacy

TikTok Shares Your Data More Than Any Other Social Media App, Study Says (cnbc.com) 40

According to a recent study published by mobile marketing company URL Genius, YouTube and TikTok track users' personal data more than any other social media apps. However, while YouTube mostly collects your personal data for its own purposes to serve you more relevant ads, TikTok mostly allows third-party trackers to collect your data -- "and from there, it's hard to say what happens with it," reports CNBC. From the report: With third-party trackers, it's essentially impossible to know who's tracking your data or what information they're collecting, from which posts you interact with -- and how long you spend on each one -- to your physical location and any other personal information you share with the app. As the study noted, third-party trackers can track your activity on other sites even after you leave the app.

To conduct the study, URL Genius used the Record App Activity feature from Apple's iOS to count how many different domains track a user's activity across 10 different social media apps -- YouTube, TikTok, Twitter, Telegram, LinkedIn, Instagram, Facebook, Snapchat, Messenger and WhatsApp -- over the course of one visit, before you even log into your account. YouTube and TikTok topped the other apps with 14 network contacts apiece, significantly higher than the study's average number of six network contacts per app. Those numbers are all probably higher for users who are logged into accounts on those apps, the study noted.

Ten of YouTube's trackers were first-party network contacts, meaning the platform was tracking user activity for its own purposes. Four of the contacts were from third-party domains, meaning the social platform was allowing a handful of mystery outside parties to collect information and track user activity. For TikTok, the results were even more mysterious: 13 of the 14 network contacts on the popular social media app were from third parties. The third-party tracking still happened even when users didn't opt into allowing tracking in each app's settings, according to the study. "Consumers are currently unable to see what data is shared with third-party networks, or how their data will be used," the report's authors wrote.

United States

SEC Looking Into Apple's Use of Nondisclosure Agreements, Whistleblower Says (washingtonpost.com) 13

The Securities and Exchange Commission is looking into Apple's use of nondisclosure agreements (NDAs), including whether the tech giant misled investors on the matter, according to a whistleblower contacted by the agency and documents reviewed by The Technology 202. From a report: Cher Scarlett, a former Apple employee who last year filed an SEC complaint alleging the company made false statements to the agency about its policies on NDAs, said in an interview Monday that the SEC contacted her in late January to inquire about her allegations. It's unclear whether the agency has opened a formal investigation into Apple's statements and its rules on NDAs, or what the full scope of any inquiry may be. "The SEC does not comment on the existence or nonexistence of a possible investigation," SEC spokesperson Cory Jarvis said. But it's the first indication that federal regulators are digging deeper into Apple's policies on NDAs, which the company said it doesn't allow -- a fact that workers like Scarlett have disputed.
Privacy

Apple Says a 'Small Portion' of iPhones Recorded Interactions With Siri Even if You Opted Out (theverge.com) 21

Apple has acknowledged an iOS 15 bug that may have recorded interactions with Siri on some devices, regardless of whether the user opted out, according to a report from ZDNet. From a report: The bug automatically enabled the Improve Siri & Dictation setting that gives Apple permission to record, store, and review your conversations with Siri. Apple tells The Verge that it identified the bug shortly after the release of iOS 15, stopped reviewing any recordings inadvertently received, and is deleting info received from affected devices. After discovering the bug, the company turned off the feature for "many" users and corrected the opt-in setting when it released iOS 15.2. As ZDNet points out, this is the reason why you might get a prompt asking for your permission to enable the Improve Siri & Dictation feature once you install the new 15.4 beta or, eventually, its official release.
Crime

NSO Group Gave Pegasus Spyware Demo To the NYPD (vice.com) 12

An anonymous reader quotes a report from Motherboard: A section of the New York Police Department (NYPD) focused on intelligence gathering received a demo of NSO Group's controversial Pegasus spyware product, according to an email obtained by Motherboard. The news provides more insight into Israeli company NSO Group's push into the surveillance market in the United States, and specifically its pitching of the company's technology to American police forces. The findings come after the New York Times reported that the FBI bought a Pegasus license in 2019 for evaluation purposes.

"There will be a demo of the attached investigative software at the Rutgers School of Criminal Justice," James Sheehan, a program manager from the Northern New Jersey-Newark/Jersey City UASI, wrote in the August 2015 email. The UASI is the Urban Area Security Initiative, a program administered by the Department of Homeland Security which brings together bodies from law enforcement, fire service, public health, and more to address threats of terrorism and other issues. "The audience is the UASI/CorrStat region and NYPD intel," Sheehan continued. Recipients on Sheehan's email inviting people to attend included representatives from the Bergen County Prosecutor's Office, Jersey City's public safety agency, and the Paterson Police Department, a city of just over 150,000.

Attached to Sheehan's email was a brochure for Pegasus, NSO Group's hacking product, which advertised the tool's ability to obtain a target's calls, contacts, emails, WhatsApp messages, track their location, and more. The brochure contains a logo for WestBridge, NSO Group's North American branch. "Turn Your Target's Smartphone into an Intelligence Gold Mine," the Pegasus brochure reads. "NYPD intel" likely refers to the NYPD's Intelligence Bureau. Its mission is to "detect and disrupt criminal and terrorist activity through the use of intelligence-led policing. In combination with traditional policing methods, uniformed officers and civilian analysts in the Intelligence Bureau collect and analyze information from a variety of sources in order to advance criminal and terrorist investigations," according to the NYPD's website.

Piracy

Search Engines In Russia Will Deindex All Domains That Have 100+ Links To Pirated Content (torrentfreak.com) 49

Major rightsholders and internet companies in Russia have signed a new memorandum of cooperation designed to make pirated movies, TV shows and other content harder to find. In addition to automatically removing reported infringing links within hours, search engines have agreed to completely deindex all domains that carry 100 or more links to infringing content. TorrentFreak reports: Signed in 2018, a memorandum of cooperation signed by major rightsholders and internet companies including Yandex changed the way infringing content is handled. Following the creation of a centralized database of pirated content, the Internet companies agreed to query it every few minutes in order to remove corresponding content from their platforms within six hours. Over a period of three years, more than 40 million infringing links have now been removed from search results. Since its introduction, the memorandum has been renewed several times alongside calls for the system to be opened up to a wider range of rightsholders, such as those operating in the publishing sector. While that is yet to happen, a new memorandum has just been signed by the original signatories containing an even more powerful anti-piracy tool.

Under the current agreement (which is set to expire early September 2022), rightsholders must submit specific URLs to infringing content to the centralized database controlled by the Media Communications Union (ISS). These specific URLs are then delisted by search engines but rightsholders complain that the same content can reappear under a new URL, meaning that the process must be repeated. To deal with this type of 'pirate' countermeasure, the new memorandum requires search companies to take more stringent action. Any domain that has 100 or more 'pirate' links reported to the database will be deindexed entirely by search engines, meaning that they essentially become invisible to anyone using a search engine. This must be carried out quickly too, within 24 hours according to ISS. Given the number of links to infringing content posted to non-pirate sites, safeguards will also be introduced to protect legitimate resources from deindexing. These include media sites, government projects, search engines themselves, social networks, and official content providers.
"Alongside the development of the memorandum a new law is being drafted, with the aim of enshrining its voluntary terms into local law," adds TorrentFreak. "That should allow other rightsholders that aren't current signatories to obtain similar benefits. At the time of writing, however, progress on the legal front is taking its time and might still take a few more months."
AI

The Unnerving Rise of Video Games that Spy on You (wired.com) 44

Players generate a wealth of revealing psychological data -- and some companies are soaking it up. From a report: While there are no numbers on how many video game companies are surveilling their players in-game (although, as a recent article suggests, large publishers and developers like Epic, EA, and Activision explicitly state they capture user data in their license agreements), a new industry of firms selling middleware "data analytics" tools, often used by game developers, has sprung up. These data analytics tools promise to make users more amenable to continued consumption through the use of data analysis at scale.

Such analytics, once available only to the largest video game studios -- which could hire data scientists to capture, clean, and analyze the data, and software engineers to develop in-house analytics tools -- are now commonplace across the entire industry, pitched as "accessible" tools that provide a competitive edge in a crowded marketplace by companies like Unity, GameAnalytics, or Amazon Web Services. (Although, as a recent study shows, the extent to which these tools are truly "accessible" is questionable, requiring technical expertise and time to implement.) As demand for data-driven insight has grown, so has the range of different services -- dozens of tools in the past several years alone, providing game developers with different forms of insight. One tool -- essentially Uber for playtesting -- allows companies to outsource quality assurance testing, and provides data-driven insight into the results. Another supposedly uses AI to understand player value and maximize retention (and spending, with a focus on high-spenders).

Developers might use data from these middleware companies to further refine their game (players might be getting overly frustrated and dying at a particular point, indicating the game might be too difficult) or their monetization strategies (prompting in-app purchases -- such as extra lives -- at such a point of difficulty). But our data is not just valuable to video game companies in fine-tuning design. Increasingly, video game companies exploit this data to capitalize user attention through targeted advertisements. As a 2019 eMarketer report suggests, the value of video games as a medium for advertising is not just in access to large-scale audience data (such as the Unity ad network's claim to billions of users), but through ad formats such as playable and rewarded advertisements -- that is, access to audiences more likely to pay attention to an ad.

Bitcoin

Feds Seize $3.6 Billion in Bitcoin Stolen From Bitfinex Hack 78

The Justice Department announced Tuesday morning it seized more than $3.6 billion in allegedly stolen cryptocurrency linked to the 2016 hack of Bitfinex. As part of the operation, authorities detained a New York couple on allegations they planned to launder the digital goods. From a report: It marks the agency's largest financial seizure ever, Deputy Attorney General Lisa Monaco said in a statement. Officials said they arrested Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, who also goes by the alias "razzlekhan". The couple is scheduled to make their initial appearances in federal court later in the day. Authorities accuse the pair of trying to launder the proceeds of 119,754 bitcoin that were stolen from Bitfinex's platform after a hacker breached Bitfinex's systems and initiated more than 2,000 unauthorized transactions. Prosecutors allege that the transactions sent the stolen bitcoin to Lichtenstein's digital wallet. Officials said they were able to seize more than 94,000 bitcoin, which was valued around $3.6 billion at the time of seizure. In all, the total stolen bitcoin is presently valued at approximately $4.5 billion, according to the agency.
Privacy

IRS To End Use of Facial Recognition To Identify Taxpayers (apnews.com) 55

New submitter Beerismydad writes: The IRS said Monday it will suspend the use of facial recognition technology to authenticate people who create online accounts after the practice was criticized by privacy advocates and lawmakers. The agency said it would no longer use a third-party service, called ID.me, for facial recognition. Critics of the software said the database could become a target for cyberthreats. They also expressed concern about how the information could be used by other government agencies, among other concerns. Earlier Monday, Senate Finance Committee Chair Ron Wyden, D-Ore., called on the agency to end its use of the ID.me software. After the IRS announced the practice would be suspended, Wyden said "the Treasury Department has made the smart decision to direct the IRS to transition away from using the controversial ID.me verification service. No one should be forced to submit to facial recognition to access critical government services."
Google

Google Sued in Europe for $2.4 Billion in Damages Over Shopping Antitrust Case (techcrunch.com) 9

Google is being sued in Europe on competition grounds by price comparison service PriceRunner which is seeking at least ~$2.4 billion in damages. From a report: The lawsuit accuses Google of continuing to breach a 2017 European Commission antitrust enforcement order against Google Shopping. As well as fining Google what was -- at the time -- a record-breaking antitrust penalty (2.42 billion euro), the EU's competition division ordered the search giant to cease illegal behaviors, after finding Google giving prominent placement to its own shopping comparison service while simultaneously demoting rivals in organic search results. Immediately following the order, Google made some initial tweaks to how its product search service works -- doubling down on an auction model. But complainants were instantly critical of the changes, arguing they neither remedied the unfairness nor complied with the EU's requirement for equal treatment of price comparison services. The following year, an investigation by Sky News also accused Google of trying to circumvent the EU antitrust ruling by offering incentives to ad agencies to create faux comparison sites filled with ads for their clients' products which Google could display in the Google Shopping box to present the impression of a thriving marketplace for price comparison services.
Transportation

In Massachusetts Some Car Dealers Have Disabled Telematics System in 'Ugly' Right-to-Repair Dispute (arstechnica.com) 162

"Subaru and Kia dealers in Massachusetts have disabled systems that allow remote starts and send maintenance alerts..." reports Wired.

Subaru buyers in Massachusetts also lose access to the telematics system's app, so "no emergency assistance; no automated messages when the tire pressure was low or the oil needed changing." Subaru disabled the telematics system and associated features on new cars registered in Massachusetts last year as part of a spat over a right-to-repair ballot measure approved, overwhelmingly, by the state's voters in 2020. The measure, which has been held up in the courts, required automakers to give car owners and independent mechanics more access to data about the car's internal systems. But the "open data platform" envisioned by the law doesn't exist yet, and automakers have filed suit to prevent the initiative from taking effect. So first Subaru and then Kia turned off their telematics systems on their newest cars in Massachusetts.... "This was not to comply with the law — compliance with the law at this time is impossible — but rather to avoid violating it," Dominick Infante, a spokesperson for Subaru, wrote in a statement. Kia did not respond to a request for comment.

The dispute is the latest chapter in long-running disagreements between the state and automakers over the right to repair, or consumers' ability to fix their own cars or control who does it for them.... [N]ew vehicles are now computers on wheels, gathering an estimated 25 gigabytes per hour of driving data — the equivalent of five HD movies. Automakers say that lots of this information isn't useful to them and is discarded. But some — a vehicle's location, how specific components are operating at a given moment — is anonymized and sent to the manufacturers.... These days, much of the data is transmitted wirelessly. So independent mechanics and right-to-repair proponents worry that automakers will stop sending vital repair information to the diagnostic ports. That would hamper the independents and lock customers into relationships with dealerships....

Automakers say opening the car's mechanical data to anyone would be dangerous — and a violation of federal law. In November 2020, just after voters approved the ballot measure, a trade group that represents most major automakers sued Massachusetts in federal court. The group, the Alliance for Automotive Innovation, argued that the federal government, not states, should control who gets access to cars' telematics systems. The group also said that it would be irresponsible and dangerous to create the open data platform that the law required, especially by 2022....

Dealerships are caught in the middle. It's an especially unfortunate time to be there, given the chip shortage that has curtailed vehicle production — and sales.

One dealer reportedly even asked a potential car buyer, "Don't you have any friends in Rhode Island whose address you can use?"
Movies

Original 'Fight Club' Ending Restored in China After Censorship Backlash (hollywoodreporter.com) 86

Last month streamers in China discovered that Fight Club had arrived on streaming platform Tencent — but with an entirely new ending where local authorities "rapidly figured out the whole plan and arrested all criminals....."

But now there's been another round of changes, according to the Hollywood Reporter. "After widespread online backlash to clumsy censorship of the film's ending, Chinese streaming service Tencent Video backtracked in recent days and restored most of the cuts it had made." Crucially, Fight Club's complete ending is now viewable in full in China...

News of the cuts went viral around the world and sparked much debate and embarrassment on Chinese social media about local censorship practices.... [I]t would appear that the backlash has been deemed more troublesome than the fictional film's ending, as Tencent has now restored 11 of the 12 minutes it originally cut from the 137-minute movie. The minute still missing is mostly comprised of brief nude sex scenes between Brad Pitt's and Helena Bonham Carter's characters.

Insider reports that changing the original ending provoked comments like these on China's Twitter-like platform Weibo:

- "This has become a Chinese-only joke. Even dogs won't want to watch this."

- "This is exactly why, even if you have streaming platform subscriptions, you still have to watch pirated versions."


And it brought massive attention to China's history of changing movies, since "word quickly spread across the globe, bringing embarrassment to the country," reports the Wrap: Censorship of American films and TV shows at the behest of Chinese officials has become common as Hollywood has made in-roads in the country over the past decade. Last year, an episode of "The Simpsons" in which the titular family visits China was removed from Disney+ in Hong Kong over a joke made in the film about the Tiananmen Square protests in 1989 and the Chinese government's censorship of the event.

Even the South China Morning Post reported that Chuck Palahniuk, the author of the novel that inspired the film, "appeared to mock the move on Twitter. 'Everyone gets a happy ending in China!' he wrote..." Similar changes have been made to other films in China in the past. Nicolas Cage's 2005 crime film Lord of War had its final half-hour cut and replaced with text reading, "Yuri Orlov confessed all the crimes officially charged against him in court and was sentenced to life imprisonment in the end."

And another example from the Hollywood Reporter: After 20th Century Fox's Queen biopic Bohemian Rhapsody won multiple Oscars in 2018, it was granted a theatrical release in China — but only after all mentions of Freddie Mercury's homosexuality were cut from the film.

But in this case a global popular outcry appears to have been too embarrassing to endure. According to the Hollywood Reporter, now we even have an expected ending to the story of how China tried to censor Fight Club.

"Reversals of censorship actions are extremely rare within China's entertainment industry — but cuts to Hollywood movies are not."
Crime

North Korea Stole Millions in Cryptocurrency to Fund Its Missile Program, Says UN Report (bbc.com) 80

North Korea funded its missile programs with millions of dollars in stolen cryptocurrency, reports the BBC, citing a new UN report: Between 2020 and mid-2021 cyber-attackers stole more than $50m (£37m) of digital assets, investigators found. Such attacks are an "important revenue source" for Pyongyang's nuclear and ballistic missile programme, they said. The findings were reportedly handed to the UN's sanctions committee on Friday.

The cyber-attacks targeted at least three cryptocurrency exchanges in North America, Europe and Asia.

The report also referenced a study published last month by the security firm Chainalysis that suggested North Korean cyberattacks could have netted as much as $400m worth of digital assets last year. And in 2019, the UN reported that North Korea had accumulated an estimated $2bn for its weapons of mass destruction programmes by using sophisticated cyber-attacks....

The US said on Friday that North Korea — formally known as the Democratic People's Republic of Korea (DPRK) — carried out nine missile tests last month alone.

United States

Washington Post Editors: America's IRS Shouldn't Make You Scan Your Face (washingtonpost.com) 59

The Washington Post's editorial board announces its position in "The Post's view," a section of its site which officially "represent the views of The Washington Post as an institution, as determined through debate among members of the Editorial Board." Its newest position?

America's Internal Revenue Service "should not make you scan your face to see your tax returns." The Internal Revenue Service might soon force every American who wants to access their taxes online to record a selfie of themselves and submit to facial recognition to verify their identity. The IRS wants to start this extra verification procedure this summer. That would be a mistake. This cannot be the only way to access an account online, as 90 percent of tax filers currently do.

Requiring facial recognition could prevent a substantial number of people from accessing their accounts. Low-income Americans often lack the necessary technology, and research shows people of color are more likely to be misidentified. There are equally serious concerns about privacy and what will happen to the potentially more than 100 million selfies the IRS will collect. Cutting down on fraud is a worthy goal, but facial recognition should not be introduced so swiftly without clear guardrails around the data.... [T]here is no federal law regulating how this sensitive information can be used. And let's not forget that hackers exposed the personal information of more than 140 million Americans when they broke into Equifax — itself once an IRS verification company....

There have been encouraging reports that the IRS is reconsidering its sole reliance on ID.me for online verification for website access. At a minimum, the IRS must offer other verification options and clearly articulate guidelines on what happens to all facial data.
