The Almighty Buck

MIT/Federal Reserve Bank Release Research on a Possible Central Bank Digital Dollar (msn.com) 53

"The Federal Reserve Bank of Boston and the Massachusetts Institute of Technology's Digital Currency Initiative have come up with an initial design for a central bank digital currency," reports Yahoo Finance.

Reuters cautions that the newly-released research "does not suggest that the U.S. central bank will move toward launching a CBDC, a step it has said it would not take without clear support from the White House and Congress...." Instead the team "developed technology that can be adjusted as more policy questions regarding the structure and purpose of a CBDC are addressed."

The Washington Post describes it as "a system that can settle the vast majority of payments in less than two seconds, handles more than 1.7 million transactions per second and operates around-the-clock with no service outages in the case of a disruption in its network."

The Boston Globe adds that "The team noted there's a lot more work to do in the next phase, including researching various privacy features, and stressed the digital dollar remains hypothetical until the Fed decides whether to move forward with government-backed electronic cash."

Some context from the Washington Post: The ultimate product could help extend financial services to people who lack a bank account and make cross-border payments such as remittances safer and easier, said Neha Narula, director of the Digital Currency Initiative at MIT. Narula, in a conference call with reporters, noted that the Boston researchers "aren't the ones making policy decision on how such a system might operate," so they have aimed to "create a flexible system that can work with a variety of models."

Along with a paper describing the team's work to date, researchers on Thursday published open-source code for the platform that would support the digital currency. Jim Cunha, executive vice president of the Boston Fed, called that a first for the central bank, intended to encourage public input that improves the technology.

Government

US Government Expands Sewage-System Testing for Data on Spread of Pathogens Including Covid-19 (cnn.com) 79

CNN reports that wastewater-based epidemiology "has proven to be so reliable in dozens of pilot projects across the U.S. that the government has invested millions to create the National Wastewater Surveillance System, or NWSS, a network of 400 testing sites spread across 19 states that is coordinated by the U.S. Centers for Disease Control and Prevention."

The pilot programs have already been "quietly operating behind the scenes, generating data for public health departments across the country, since September 2020." For the first time, the CDC has published data that looks at how much coronavirus is turning up in the country's wastewater. It added this testing data to its Covid-19 dashboard. Tests show that there's been a decrease in the amount of virus at two-thirds of the 255 sites reporting data from the latest 15-day period.

The NWSS includes 400 sites overall, and more than 500 more will begin submitting data in the coming weeks, the CDC says.... [G]enetic material from the virus gets flushed down the toilet into the wastewater stream, where it can be detected by the same kinds of tests labs use to detect the virus from nasal swabs: real time polymerase chain reaction tests, or RT-PCR. This kind of testing is highly sensitive. It can pick up the presence of the virus when just one person out of 100,000 in a given area, or sewershed, is infected. And because wastewater testing doesn't depend on people to realize they're sick and seek out a test, or even to have symptoms at all, it's often the earliest warning a community has that a wave of Covid-19 infections is on the way. The CDC estimates that...the samples typically turn positive in an area four to six days before clinical cases show up.

"As long as people are using a toilet that's connected to a sewer, we can get information on those cases in that community," said Amy Kirby, a CDC microbiologist who leads the NWSS project... [But] this kind of testing can't signal when a community is free from the virus because the threshold of detection — how many people have to be positive in an area to show up in a water sample — isn't known. For these reasons, the CDC says, wastewater surveillance is best used along with case-based surveillance....

Kirby says wastewater monitoring will be around long after Covid is gone, too. By the end of the year, the CDC plans to expand the number of pathogens tracked on the dashboard to include influenza, a fungal superbug called Candida auris, and foodborne threats like E. coli and salmonella.

Businesses

How Apple's Privacy Push Cost Meta $10 Billion (economist.com) 78

An anonymous reader quotes a report from The Economist: Pop-up notifications are often annoying. For Meta, one in Apple's iOS operating system, which powers iPhones, is a particular headache. On February 2nd Meta, which owns Facebook and Instagram, told investors that privacy-focused changes to iOS, including the "ask app not to track" notification, would cost the company around $10 billion in 2022. That revelation, along with growing competition and sluggish growth in user numbers, helped to prompt a 23% plunge in Meta's share price and showed Apple's might. But what did Apple actually do, and why was it so costly?

The promise of digital advertising has always been its ability to precisely target people. Before the digital age, companies placed ads in places where they expected potential customers would see them, such as a newspaper, and hoped for the best. Online, companies could instead target ads based on people's browsing history and interests. This fueled the profits of companies like Meta, which held vast amounts of data on their users. For years, Apple helped by offering an "identifier for advertisers" (IDFA), giving advertisers a way to track people's behavior on its devices. Users have long been able to disable IDFA in their phones' settings. But last year, citing privacy concerns, Apple turned off IDFA by default and forced apps to ask people if they want to be tracked. It seems most do not: a study in December by AppsFlyer, an ad-tech company, suggested that 54% of Apple users who saw the prompt opted out.

This change has made digital advertising much trickier. Sheryl Sandberg, Meta's chief operating officer, told investors that the change decreased the accuracy of ad targeting and slowed the collection of data showing whether ads work. Both of these changes make "direct-response ads," which encourage consumers to take an action like clicking or purchasing, less appealing to advertisers. The financial impact on ad-sellers like Meta has been painful. The $10 billion hit estimated by Meta amounts to over 8% of its revenue in 2021. Snap, another social-media company, and Unity, a games engine which operates an ad network, also expect Apple's changes to hurt their businesses. Apple, meanwhile, is doing well: estimates suggest its own ad business has grown significantly since it introduced the app tracking pop-up. (A different pop-up, with a more persuasive sales pitch for opting-in to tracking, appears on Apple's own apps.)

Privacy

It's Back: Senators Want 'EARN IT' Bill To Scan All Online Messages (eff.org) 212

A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that "would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe," writes Joe Mullin via the Electronic Frontier Foundation. "It's a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online -- backups, websites, cloud photos, and more -- is scanned." From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all -- specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. [...]

Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary "best practices" for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill's sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites -- the government will already have access to the user data, through the platform. [...] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.

The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That's completely false, no matter whether it's called "client side scanning" or another misleading new phrase. The EARN IT Act doesn't target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies -- from the largest ones to the very smallest ones -- as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.

Transportation

EPA Objects To USPS Plan To Buy a New Gas-Powered Delivery Fleet (engadget.com) 184

According to The Washington Post, the EPA and White House Council on Environmental Quality have objected to the US Postal Service's proposal to mostly buy gas-powered next-gen delivery trucks in a project worth up to $11.3 billion. "The current strategy is a 'lost opportunity' to more drastically reduce the carbon footprint of one of the world's largest government fleets," reports Engadget, citing EPA associate policy administrator Vicki Arroyo. From the report: Only 10 percent of the USPS' new trucks would be electric under the existing proposal, and the overall effort would only improve the fleet's fuel economy by 0.4MPG. Postmaster General Louis DeJoy previously claimed the Postal Service couldn't afford more electric mail vehicles, and has argued his agency needs to focus on basic infrastructure improvements over technology. The USPS is required by law to be self-sufficient, and can't simply request government funds.

There may be an uphill battle to make any changes. DeJoy has staunchly refused to alter the purchasing plan, and the USPS rejected California officials' January 28th request for a public hearing on the plans. The service also largely ignored EPA advice when it created the analysis guiding its plan. The environmental regulator accused the USPS of using "biased" estimates that preferred gas-based trucks. The mail institution reportedly assumed battery and gas prices would remain static even decades later, and that the existing charging infrastructure wouldn't grow. It further overestimated the emissions from plug-in vehicles, according to the EPA.

The Postal Service might be forced to change regardless. The EPA has the option of referring its disagreements to the White House Council on Environmental Quality, which can mediate disputes like this. The letters gave the USPS a last chance to voluntarily rethink its proposal before the Council stepped in, sources for The Post claimed. Environmental groups are also likely to sue if the gas-centric plan moves ahead, and the law firm Earthjustice told The Post the USPS might lose when its proposal often lacks supporting evidence. You may well see a transition toward mail-carrying EVs, even if the transition is particularly messy.

Government

US Lawmakers Introduce 'Right To Repair' Bills To Spur Competition (reuters.com) 17

U.S. lawmakers are introducing "Right to Repair" legislation this week to ensure consumers can get vehicles, electronic devices and agriculture equipment serviced by independent outlets. Reuters reports: Representative Bobby Rush, a Democrat, said Thursday he had introduced legislation to ensure vehicle owners and independent repair shops have equal access to repair and maintenance tools as automakers' dealerships. Representatives Mondaire Jones, a Democrat, and Republican Victoria Spartz introduced separate legislation Wednesday dubbed the Freedom to Repair Act to reform copyright law to make it easier for consumers to get repairs. Public Knowledge Policy Counsel Kathleen Burke said the bill would allow "consumers to repair their own devices without needing to get the Copyright Office's permission every three years."

Rush's bill would require all tools and equipment, wireless transmission of repair and diagnostic data and access to on-board diagnostic systems needed for repairs be made available to the independent repair industry. Rush said it would "end manufacturers' monopoly on vehicle repair and maintenance and allow Americans the freedom to choose where to repair their vehicles." Rush's bill would create a committee to provide recommendations to the FTC on addressing barriers to vehicle repairs.

Yesterday, Sen. Jon Tester (D-Mont.) introduced a bill to allow farmers to fix their own equipment. Specifically, the bill "would require agriculture equipment manufacturers to make spare parts, instruction manuals and software codes publicly available, allowing farmers to fix devices by themselves or hire third-party mechanics of their own choosing," reports NBC News.

Privacy

Silenced AirTags With Disabled Speakers Are Popping Up for Sale Online (gizmodo.com) 72

To make it harder for stalkers to abuse them, Apple included (and has since upgraded) several safety features that will alert someone to the presence of a nearby AirTag that's not their own, including an audible beep. But according to PCMag, one Etsy seller was, up until very recently, selling AirTags with the speaker physically disabled, raising privacy concerns once again. From a report: The AirTag, a small, easy-to-carry device about the size of a quarter, relies on Apple's Find My network which leverages millions of Apple devices to discreetly keep tabs on the location of the trackers and report that information back to each tag's registered user. The general idea behind the AirTag was that users could attach one to their keys, their backpack, or to other valuable items, and be able to quickly locate them if lost. To prevent their misuse, such as using an AirTag to track someone without their knowledge, iOS users would be eventually notified if a tracker registered to someone else was nearby, while Android users would have to rely on an audible beep that would start chirping three days after an AirTag was separated from its owner.

The product was ripe for abuse -- a concern we emphasized in our initial review of the AirTags -- and a couple of months after their debut Apple addressed those concerns with promised updates that would see Android users getting similar notifications as iOS users when an AirTag was nearby through a new Tracker Detect app that allowed Android users to more easily spot the devices. And the timeframe for when the trackers would start beeping after being away from its registered owner was shortened to a "random time inside a window that lasts between 8 and 24 hours," according to a CNET report.

EU

Regulators Find Europe's Ad-Tech Industry Acted Unlawfully (engadget.com) 17

After a years-long process, data protection officials across the European Union have ruled that Europe's ad tech industry has been operating unlawfully. Engadget reports: The decision, handed down by Belgium's APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe. At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover -- in the form of those consent pop-ups which blight websites -- enabling a silent, digital auction system known as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.

The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appointing a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right.

IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct."

According to Engadget, it may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."

Government

FBI Confirms It Obtained NSO's Pegasus Spyware (theguardian.com) 13

An anonymous reader quotes a report from The Guardian: The FBI has confirmed that it obtained NSO Group's powerful Pegasus spyware, suggesting that it bought access to the Israeli surveillance tool to "stay abreast of emerging technologies and tradecraft." In a statement released to the Guardian, the bureau said it had procured a "limited license" to access Pegasus for "product testing and evaluation only," and suggested that its evaluation of the tool partly related to security concerns if the spyware fell into the "wrong hands." The bureau also claimed it had never used Pegasus in support of any FBI investigation. "There was no operational use in support of any investigation, the FBI procured a limited license for product testing and evaluation only," it said.

The statement marks a direct acknowledgment by the FBI that it acquired Pegasus, one of the world's most sophisticated hacking tools. [...] A person with close knowledge of the FBI deal, who spoke to the Guardian on the condition of anonymity, claimed that it occurred after a "long process" of negotiations between US officials and NSO. It is claimed one disagreement centered on how much control NSO would retain over its software. The source claimed that NSO usually kept sensors on its technology so that the company could be alerted in Israel if the technology was moved by a government client. But the source claimed the FBI did not want the technology to be fitted with sensors that would have allowed NSO to track its physical location.

The source also claimed that the FBI did not want NSO's own engineers to install the technology and did not want to integrate the spyware into its own systems. Ultimately, it is understood that NSO and the FBI agreed to keep the technology in a large container. The FBI was also concerned about possible "leakage" of any data to another foreign intelligence service, the source said. The source claimed the Pegasus license was acquired by the FBI using a financial "vehicle" that was not easily identified as being linked to the bureau. In the end, the source claimed, the FBI did not actually use Pegasus. "They weren't using it at all. Like, not even switching it on. But they kept paying for it, and they wanted to renew. It was a one-year test project and it cost about $5 million, and they renewed for another $4 million," the source claimed. "But they didn't use it."

In response to the claims, the FBI said: "The FBI works diligently to stay abreast of emerging technologies and tradecraft -- not just to explore a potential legal use but also to combat crime and to protect both the American people and our civil liberties. That means we routinely identify, evaluate, and test technical solutions and problems for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands. There was no operational use in support of any investigation, the FBI procured a limited license for product testing and evaluation only."

Government

Senate Introduces Bill To Allow Farmers To Fix Their Own Equipment (nbcnews.com) 145

An anonymous reader quotes a report from NBC News: A bill introduced Tuesday in the Senate could help make it easier for farmers [...] to repair their tractors independently. The legislation would require agriculture equipment manufacturers to make spare parts, instruction manuals and software codes publicly available, allowing farmers to fix devices by themselves or hire third-party mechanics of their own choosing. The bill's sponsor, Sen. Jon Tester, D-Mont., said in an interview that he has heard from many farmers who reported that difficulties repairing equipment hurt their businesses. "We've got to figure out ways to empower farmers to make sure they can stay on the land. This is one of the ways to do it," Tester said. "I think that the more we can empower farmers to be able to control their own destiny, which is what this bill does, the safer food chains are going to be."

Tester said farmers often reported that company-authorized repairs were costly and could be handled only by licensed technicians who may take days, or even weeks, to show up. That type of delay can have serious impacts on the delicate harvest cycle for planting and reaping crops. [...] The rules about farming equipment could help boost the wider "right to repair" movement, which has gained steam across the country in recent years. Consumer rights groups like U.S. PIRG, a federation of nonprofit public interest research groups, or PIRGs, say people have a fundamental right to control devices they already own, especially when they need to be fixed. Over the last few decades, they say, companies have made third-party repairs nearly impossible by locking software, writing prohibitive warranties or restricting spare parts.

The Senate bill is the latest effort to tackle the issue in Congress, following similar legislation sponsored in the House last year by Rep. Joseph Morelle, D-N.Y. But unlike some of the other proposed laws, the Senate bill narrowly targets farmers, who have become one of the most vocal groups advocating for more repair regulations. Tester said: "I think when you get into other areas like cellphones and TVs and all that kind of stuff, it brings in all sorts of other issues that I am personally not as familiar with as agriculture. That's not to say that those other issues aren't really, really important. What it is to say is that I know this issue reasonably well, and I thought this is an issue that we need to deal with, and the sooner the better."

Privacy

NSO Offered US Mobile Security Firm 'Bags of Cash', Whistleblower Claims (theguardian.com) 10

A whistleblower has alleged that an executive at NSO Group offered a US-based mobile security company "bags of cash" in exchange for access to a global signalling network used to track individuals through their mobile phone, according to a complaint that was made to the US Department of Justice. The Guardian: The allegation, which dates back to 2017 and was made by a former mobile security executive named Gary Miller, was disclosed to federal authorities and to the US congressman Ted Lieu, who said he conducted his own due diligence on the claim and found it "highly disturbing." Details of the allegation by Miller were then sent in a letter by Lieu to the Department of Justice. "The privacy implications to Americans and national security implications to America of NSO Group accessing mobile operator signalling networks are vast and alarming," Lieu wrote in his letter. The letter was shared with the Guardian and other media partners on the Pegasus project, a media consortium led by the Paris-based Forbidden Stories that has investigated NSO and published a series of stories about how governments around the world have used the company's spyware to target activists, journalists, and lawyers, among others.

Mozilla

Mozilla Rolls Out New Privacy Features To Its Mobile and Desktop VPN (techcrunch.com) 15

Mozilla is rolling out new updates to its mobile and desktop VPN offerings, the company announced on Tuesday. From a report: With the launch of Mozilla VPN 2.7, the company is bringing one of Firefox's popular add-ons, Multi-Account Containers, to the desktop platform and also introducing a multi-hop feature to the Android and iOS version of the VPN service. Firefox's Multi-Account Containers allow users to separate different parts of their online activities, such as work, shopping and banking. Instead of having to open a new window or different browser to check your work email, you can isolate that activity in a container tab, which prevents other sites from tracking your activity across the web. The company says combining the add-on with Mozilla's VPN adds an extra layer of protection to users' compartmentalized browsing activity and also adds extra protection to their locational information.

Privacy

The UN is Testing Technology That Processes Data Confidentially 21

How to analyse data without revealing their secrets? From a report: Data are valuable. But not all of them are as valuable as they could be. Reasons of confidentiality mean that many medical, financial, educational and other personal records, from the analysis of which much public good could be derived, are in practice unavailable. A lot of commercial data are similarly sequestered. For example, firms have more granular and timely information on the economy than governments can obtain from surveys. But such intelligence would be useful to rivals. If companies could be certain it would remain secret, they might be more willing to make it available to officialdom. A range of novel data-processing techniques might make such sharing possible. These so-called privacy-enhancing technologies (PETs) are still in the early stages of development. But they are about to get a boost from a project launched by the United Nations' statistics division. The UN PETs Lab, which opened for business officially on January 25th, enables national statistics offices, academic researchers and companies to collaborate to carry out projects which will test various PETs, permitting technical and administrative hiccups to be identified and overcome.

The first such effort, which actually began last summer, before the PETs Lab's formal inauguration, analysed import and export data from national statistical offices in America, Britain, Canada, Italy and the Netherlands, to look for anomalies. Those could be a result of fraud, of faulty record keeping or of innocuous re-exporting. For the pilot scheme, the researchers used categories already in the public domain -- in this case international trade in things such as wood pulp and clocks. They thus hoped to show that the system would work, before applying it to information where confidentiality matters. They put several kinds of PETs through their paces. In one trial, OpenMined, a charity based in Oxford, tested a technique called secure multiparty computation (SMPC). This approach involves the data to be analysed being encrypted by their keeper and staying on the premises. The organisation running the analysis (in this case OpenMined) sends its algorithm to the keeper, who runs it on the encrypted data. That is mathematically complex, but possible. The findings are then sent back to the original inquirer.

Privacy

Website Fined By German Court For Leaking Visitor's IP Address Via Google Fonts (theregister.com) 210

Earlier this month, a German court fined an unidentified website $110 for violating EU privacy law by importing a Google-hosted web font. The Register reports: The decision, by Landgericht Munchen's third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff's IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe's General Data Protection Regulation (GDPR). That is to say, when the plaintiff visited the website, the page made the user's browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen's IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn't give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.

The decision says IP addresses represent personal data because it's theoretically possible to identify the person associated with an IP address, and that it's irrelevant whether the website or Google has actually done so. The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of 250,000 euros for each violation, or up to six months in prison, for continued improper use of Google Fonts. Google Fonts is widely deployed -- the Google Fonts API is used by about 50m websites. The API allows websites to style text with Google Fonts stored on remote servers -- Google's or a CDN's -- that get fetched as the page loads. Google Fonts can be self-hosted to avoid running afoul of EU rules and the ruling explicitly cites this possibility to assert that relying on Google-hosted Google Fonts is not defensible under the law.
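As an added example (not from the article or the ruling), this Python sketch audits a page's HTML for the hot-linking described above, so an operator can find what must be self-hosted. The host names `fonts.googleapis.com` and `fonts.gstatic.com` are the usual Google Fonts endpoints, and the sample page is constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that serve Google Fonts stylesheets and font files.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}

# Matches url(...) and @import "..." references inside CSS text.
CSS_URL_RE = re.compile(
    r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)|@import\s+['"]([^'"]+)['"]""",
    re.IGNORECASE,
)


def is_google_font_url(url):
    """True if url points at a Google Fonts host (scheme-relative included)."""
    if url.startswith("//"):
        url = "https:" + url
    host = (urlparse(url).hostname or "").lower()
    return host in GOOGLE_FONT_HOSTS


def css_font_refs(css_text):
    """Return the Google Fonts URLs referenced from a block of CSS."""
    refs = []
    for match in CSS_URL_RE.finditer(css_text):
        url = match.group(1) or match.group(2)
        if is_google_font_url(url):
            refs.append(url)
    return refs


class FontRefScanner(HTMLParser):
    """Collects (location, url) for every remote Google Fonts reference."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and is_google_font_url(attrs.get("href") or ""):
            self.findings.append(("link", attrs["href"]))
        elif tag == "style":
            self._in_style = True
        # Inline style="..." attributes can also pull in remote fonts.
        for url in css_font_refs(attrs.get("style") or ""):
            self.findings.append((tag + "[style]", url))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for url in css_font_refs(data):
                self.findings.append(("style", url))


def scan_html(html):
    """Return every request to Google Fonts that this page would trigger."""
    scanner = FontRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: two hot-linked stylesheets, one hot-linked font
# file, and one self-hosted font that should not be reported.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<link rel="stylesheet" href="/static/site.css">
<style>
@import url("//fonts.googleapis.com/css?family=Lato");
@font-face { font-family: "Local"; src: url("/fonts/local.woff2"); }
@font-face { font-family: "Remote";
  src: url(https://fonts.gstatic.com/s/example/v1/example.woff2); }
</style>
</head><body><p style="font-family: Local">hello</p></body></html>
"""

if __name__ == "__main__":
    for location, url in scan_html(SAMPLE_PAGE):
        print(f"{location}: {url}")
```

The scan covers only the HTML it is given; stylesheets served from the site itself (such as `/static/site.css` in the sample) have to be passed through `css_font_refs` separately.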

The Courts

Amazon Warehouse Manager Pleads Guilty To Stealing $273K of Computer Parts (theverge.com) 51

A Charlotte, North Carolina man has pleaded guilty to charges of mail fraud after stealing and reselling merchandise from an Amazon warehouse, the Department of Justice said in a news release. The Verge reports: Between June 2020 and September 2021, Douglas Wright, Jr., an operations manager at Amazon's Charlotte warehouse, allegedly stole products with a total value of more than $273,000, using his access to get computer parts like internal hard drives and processors, according to the DOJ. Wright said in court on Friday that he shipped the products to his home, then sold them to a computer wholesale company in California. He faces a maximum sentence of 20 years in prison and a $250,000 fine. A sentencing date has not been set.

Blackberry

BlackBerry Sells Mobile and Messaging Patents For $600 Million (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: BlackBerry is adding another sad chapter to the downfall of its smartphone business. Today the company announced a sale of its prized patent portfolio for $600 million. The buyer is "Catapult IP Innovations Inc.," a new company BlackBerry describes as "a special purpose vehicle formed to acquire the BlackBerry patent assets." BlackBerry says the patents are for "mobile devices, messaging and wireless networking." These are going to be the patents surrounding BlackBerry's phones, QWERTY keyboards, and BlackBerry Messenger (BBM). BlackBerry most recently weaponized these patents against Facebook Messenger in 2018, which covered ideas like muting a message thread and displaying notifications as a numeric icon badge. BlackBerry -- back when it was called RIM -- was a veteran of the original smartphone patent wars, though, and went after companies like Handspring and Good Technology in the early 2000s.

If the name "Catapult IP Innovations" didn't give it away, weaponizing BlackBerry's patents is the most obvious outcome of this deal. According to the press release, Catapult's funding for the $600 million deal is just a $450 million loan, which will immediately be given to BlackBerry in cash. The remaining $150 million is a promissory note with the first payment due in three years. That means Catapult is now a new company with a huge amount of debt, no products, and no cash flow. Assuming the plan isn't to instantly go bankrupt, Catapult needs to start monetizing BlackBerry's patents somehow, which presumably means suing everyone it believes is in violation of its newly acquired assets.

Crime

Free Covid Tests Provide Latest Venue for Suspected Fraudsters (bloomberg.com) 25

As a new government website went live in January to offer free Covid-19 test kits, a rash of new domain names were registered. Some had remarkably similar URLs, or were nearly the same but slightly misspelled. From a report: Cybersecurity experts said the goal was likely the same for all of them: bogus domain names that can be used for phishing attacks and other scams. Suspected fraudsters have registered more than 600 suspicious domain registrations since Jan. 15, around the time the Biden administration announced details about a program in which the U.S. Postal Service would deliver Covid-19 tests to Americans' homes, email security firm Proofpoint told Bloomberg News. The look-alike URLs are often meant to trick Covid-weary Americans into thinking they are signing up for a free nasal swab, when in fact they might be handing personal data over to a cybercrime syndicate, cybersecurity experts said. The government website for free Covid tests, covidtests.gov, opened for business on Jan. 18, along with a related site, special.usps.com, where users are directed to place an order with the Postal Service.

Intel

Ohio Lured Intel's Chip Plant with a $2 Billion Incentive Package (apnews.com) 150

Ohio promised Intel roughly $2 billion in tax breaks and incentives to attract its $20 billion chip-making factory to the state, according to the Associated Press. The state's development director tells them it may be the biggest economic development deal in history.

Intel's hoping it creates a powerful new technology hub in the Midwest, while also eventually addressing an ongoing chip shortage, according to the article. Unfortunately, the factory's production isn't expected to come online until 2025, though "The complex could grow much larger and more quickly, Intel executives said, if Congress approves a $52 billion bill that would invest in the chip sector and help ensure more production in the U.S." Intel CEO Patrick Gelsinger said the total Ohio investment could top $100 billion over the decade, with six additional factories, making it one of the world's biggest chipmaking sites....

Ohio's offer includes $600 million to help Intel offset the cost of building the factories, which is more expensive than it would be in Asia, said Lydia Mihalik, the state's development director. The state also will pay nearly $700 million for roadwork and water infrastructure upgrades, including a system that will allow the plant to reuse wastewater. The state Legislature this summer approved a 30-year tax break that will allow Intel to save $650 million.

The state's share will be money well spent because the Intel facility will not only create jobs, but also make Ohio more attractive to industries such as auto, aviation and defense that rely on chips, Mihalik said. "These investments will not only ensure that this project is successful here, but will also be supporting the region by increasing local infrastructure to support future growth," Mihalik said.

The article also cites the Semiconductor Industry Association's estimate that America's share of the world's chip manufacturing has declined from 37% in 1990 to 12% today.

Government

Not Just the IRS - 20 US Agencies Are Already Set Up For Selfie IDs (wired.com) 70

America's Internal Revenue Service created an uproar with early plans to require live-video-feed selfies to verify identities for online tax services (via an outside company called ID.me).

But Wired points out that more than 20 U.S. federal agencies are already using a digital identification system (named Login.gov and built on services from LexisNexis) that "can use selfies for account verification."

It's run by America's General Services Administration, or GSA.... The GSA's director of technology transformation services Dave Zvenyach says facial recognition is being tested for fairness and accessibility and not yet used when people access government services through Login.gov. The GSA's administrator said last year that 30 million citizens have Login.gov accounts and that it expects the number to grow significantly as more agencies adopt the system.

"ID.me is supplying something many governments ask for and require companies to do," says Elizabeth Goodman, who previously worked on Login.gov and is now senior director of design at federal contractor A1M Solutions. Countries including the UK, New Zealand, and Denmark use similar processes to ID.me's to establish digital identities used to access government services. Many international security standards are broadly in line with those of the U.S., written by the National Institute of Standards and Technology (NIST).

Goodman says that such programs need to provide offline options such as visiting a post office for people unable or unwilling to use phone apps or internet services....

In fact, Wired argues that in many cases, a selfie or biometric data is virtually required by U.S. federal security guidelines from 2017: NIST's 2017 standard says that access to systems that can leak sensitive data or harm public programs should require verifying a person's identity by comparing them to a photo — either remotely or in person — or using biometrics such as a fingerprint scanner. It says that a remote check can be done either by video with a trained agent, or using software that checks for an ID's authenticity and the "liveness" of a person's photo or video.... California's Employment Development Department said that ID.me blocked more than 350,000 fraudulent claims in the last three months of 2020. But the state auditor said an estimated 20 percent of legitimate claimants were unable to verify their identities with ID.me.

Caitlin Seeley George, director of campaigns and operations with nonprofit Fight for the Future, says ID.me uses the specter of fraud to sell technology that locks out vulnerable people and creates a stockpile of highly sensitive data that itself will be targeted by criminals. ...

Intel

Intel Fails To Get Spectre, Meltdown Chip Flaw Class-action Suit Tossed Out (theregister.com) 32

"Intel will have to defend itself against claims that the semiconductor goliath knew its microprocessors were defective and failed to tell customers," reports the Register: On Wednesday, Judge Michael Simon, of the US District Court of Oregon, partially denied the tech giant's motion to dismiss a class-action lawsuit arising from the 2018 public disclosure of Meltdown and Spectre, the family of data-leaking chip microarchitecture design blunders....

To defend against Meltdown and Spectre, Intel and other affected vendors have had to add software and hardware mitigations that for some workloads make patched processors mildly to significantly slower. The disclosure of related flaws has continued since that time, as researchers develop variations on the initial attacks and find other parts of chips that similarly expose privileged data. It is a problem that still is not entirely solved...

[L]awsuits have been consolidated into a multi-district proceeding known as "Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation" (3:18-md-02828-SI). And since 2018, Intel has been trying to get them to go away. Twice before the judge had dismissed the plaintiffs' complaint while allowing the plaintiffs to amend and refile their allegations. This third time, the judge only partially granted Intel's motion to toss the case. Judge Simon dismissed claims based on purchases up through August 2017 because Intel was unaware of the microarchitecture vulnerabilities up to that point. But he allowed seven claims, from September 2017 onward, to proceed, finding the plaintiffs' contention that Intel delayed disclosure of the flaws to maximize holiday season sales plausible enough to allow the case to move forward.

"Based on plaintiffs' allegations, it is not clear that Intel had a countervailing business interest other than profit for delaying disclosure for as long as it did (through the holiday season), for downplaying the negative effects of the mitigation, for suppressing the effects of the mitigation, and for continuing to embargo further security exploits that affect only Intel processors," the judge wrote in his order.
