Tech News

Bruce Schneier Reminds LLM Engineers About the Risks of Prompt Injection Vulnerabilities

it - Posted On:2024-05-18 11:45:00 Source: slashdot

Security professional Bruce Schneier argues that large language models have the same vulnerability as phones in the 1970s exploited by John Draper. "Data and control used the same channel," Schneier writes in Communications of the ACM. "That is, the commands that told the phone switch what to do were sent along the same path as voices." Other forms of prompt injection involve the LLM receiving malicious instructions in its training data. Another example hides secret commands in Web pages. Any LLM application that processes emails or Web pages is vulnerable. Attackers can embed malicious commands in images and videos, so any system that processes those is vulnerable. Any LLM application that interacts with untrusted users — think of a chatbot embedded in a website — will be vulnerable to attack. It's hard to think of an LLM application that isn't vulnerable in some way. Individual attacks are easy to prevent once discovered and publicized, but there are an infinite number of them and no way to block them as a class. The real problem here is the same one that plagued the pre-SS7 phone network: the commingling of data and commands. As long as the data — whether it be training data, text prompts, or other input into the LLM — is mixed up with the commands that tell the LLM what to do, the system will be vulnerable. But unlike the phone system, we can't separate an LLM's data from its commands. One of the enormously powerful features of an LLM is that the data affects the code. We want the system to modify its operation when it gets new training data. We want it to change the way it works based on the commands we give it. The fact that LLMs self-modify based on their input data is a feature, not a bug. And it's the very thing that enables prompt injection. Like the old phone system, defenses are likely to be piecemeal. We're getting better at creating LLMs that are resistant to these attacks. 
We're building systems that clean up inputs, both by recognizing known prompt-injection attacks and training other LLMs to try to recognize what those attacks look like. (Although now you have to secure that other LLM from prompt-injection attacks.) In some cases, we can use access-control mechanisms and other Internet security systems to limit who can access the LLM and what the LLM can do. This will limit how much we can trust them. Can you ever trust an LLM email assistant if it can be tricked into doing something it shouldn't do? Can you ever trust a generative-AI traffic-detection video system if someone can hold up a carefully worded sign and convince it to not notice a particular license plate — and then forget that it ever saw the sign...? Someday, some AI researcher will figure out how to separate the data and control paths. Until then, though, we're going to have to think carefully about using LLMs in potentially adversarial situations...like, say, on the Internet. Schneier urges engineers to balance the risks of generative AI with the powers it brings. "Using them for everything is easier than taking the time to figure out what sort of specialized AI is optimized for the task. "But generative AI comes with a lot of security baggage — in the form of prompt-injection attacks and other security risks. We need to take a more nuanced view of AI systems, their uses, their own particular risks, and their costs vs. benefits."

Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features

it - Posted On:2024-05-18 10:45:00 Source: slashdot

A blind worker for the National Federation of the Blind said Sonos had a reputation for making products usable for people with disabilities, but that "Overnight they broke that trust," according to the Washington Post. They're not the only angry customers about the latest update to Sonos's wireless speaker system. The newspaper notes that nonprofit worker Charles Knight is "among the Sonos die-hards who are furious at the new app that crippled their options to stream music, listen to an album all the way through or set a morning alarm clock." After Sonos updated its app last week, Knight could no longer set or change his wake-up music alarm. Timers to turn off music were also missing. "Something as basic as an alarm is part of the feature set that users have had for 15 years," said Knight, who has spent thousands of dollars on six Sonos speakers for his bedroom, home office and kitchen. "It was just really badly thought out from start to finish." Some people who are blind also complained that the app omitted voice-control features they need. What's happening to Sonos speaker owners is a cautionary tale. As more of your possessions rely on software — including your car, phone, TV, home thermostat or tractor — the manufacturer can ruin them with one shoddy update... Sonos now says it's fixing problems and adding back missing features within days or weeks. Sonos CEO Patrick Spence acknowledged the company made some mistakes and said Sonos plans to earn back people's trust. "There are clearly people who are having an experience that is subpar," Spence said. "I would ask them to give us a chance to deliver the actions to address the concerns they've raised." Spence said that for years, customers' top complaint was the Sonos app was clunky and slow to connect to their speakers. Spence said the new app is zippier and easier for Sonos to update. (Some customers disputed that the new app is faster.) 
He said some problems like Knight's missing alarms were flaws that Sonos found only once the app was about to roll out. (Sonos updated the alarm feature this week.) Sonos did remove but planned to add back some lesser-used features. Spence said the company should have told people upfront about the planned timeline to return any missing functions. In a blog post Sonos thanked customers for "valuable feedback," saying they're "working to address them as quickly as possible" and promising to reintroduce features, fix bugs, and address performance issues. ("Adding and editing alarms" is available now, as well as VoiceOver fixes for the home screen on iOS.) The Washington Post adds that Sonos "said it initially missed some software flaws and will restore more voice-reader functions next week."

'Openwashing'

news - Posted On:2024-05-18 09:15:00 Source: slashdot

An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.) In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...] The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. 
systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.

The nature of consciousness, and how to enjoy it while you can

Science - Posted On:2024-05-18 08:45:01 Source: arstechnica

Unraveling how consciousness arises out of particular configurations of organic matter is a quest that has absorbed scientists and philosophers for ages. Now, with AI systems behaving in strikingly conscious-looking ways, it is more important than ever to get a handle on who and what is capable of experiencing life on a conscious level. As Christof Koch writes in Then I Am Myself the World, "That you are intimately acquainted with the way life feels is a brute fact about the world that cries out for an explanation." His explanation—bounded by the limits of current research and framed through Koch’s preferred theory of consciousness—is what he eloquently attempts to deliver.

Koch, a physicist, neuroscientist, and former president of the Allen Institute for Brain Science, has spent his career hunting for the seat of consciousness, scouring the brain for physical footprints of subjective experience. It turns out that the posterior hot zone, a region in the back of the neocortex, is intricately connected to self-awareness and experiences of sound, sight, and touch. Dense networks of neocortical neurons in this area connect in a looped configuration; output signals feed back into input neurons, allowing the posterior hot zone to influence its own behavior. And herein, Koch claims, lies the key to consciousness.

According to integrated information theory (IIT)—which Koch strongly favors over a multitude of contending theories of consciousness—the Rosetta Stone of subjective experience is the ability of a system to influence itself: to use its past state to affect its present state and its present state to influence its future state.

The Delta Emulator Is Changing Its Logo After Adobe Threatened It

yro - Posted On:2024-05-18 03:15:00 Source: slashdot

After Adobe threatened legal action, the Delta Emulator said it'll abandon its current logo for a different, yet-to-be-revealed mark. The issue centers around Delta's stylized letter "D", which the digital media giant says is too similar to its stylized letter "A". The Verge reports: On May 7th, Adobe's lawyers reached out to Delta with a firm but kindly written request to go find a different icon, an email that didn't contain an explicit threat or even use the word infringement -- it merely suggested that Delta might "not wish to confuse consumers or otherwise violate Adobe's rights or the law." But Adobe didn't wait for a reply. On May 8th, one day later, Testut got another email from Apple that suggested his app might be at risk because Adobe had reached out to allege Delta was infringing its intellectual property rights. "We responded to both Apple and Adobe explaining our icon was a stylized Greek letter delta -- not an A -- but that we would update the Delta logo anyway to avoid confusion," Testut tells us. The icon you're seeing on the App Store now is just a temporary one, he says, as the team is still working on a new logo. "Both the App Store and AltStore versions have been updated with this temporary icon, but the plan is to update them to the final updated logo with Delta 1.6 once it's finished."

Proteins In Blood Could Provide Early Cancer Warning 'By More Than Seven Years'

science - Posted On:2024-05-17 23:45:00 Source: slashdot

An anonymous reader quotes a report from The Guardian: Proteins in the blood could warn people of cancer more than seven years before it is diagnosed, according to research [published in the journal Nature Communications]. Scientists at the University of Oxford studied blood samples from more than 44,000 people in the UK Biobank, including over 4,900 people who subsequently had a cancer diagnosis. They compared the proteins of people who did and did not go on to be diagnosed with cancer and identified 618 proteins linked to 19 types of cancer, including colon, lung, non-Hodgkin lymphoma and liver. The study, funded by Cancer Research UK and published in Nature Communications, also found 107 proteins associated with cancers diagnosed more than seven years after the patient's blood sample was collected and 182 proteins that were strongly associated with a cancer diagnosis within three years. The authors concluded that some of these proteins could be used to detect cancer much earlier and potentially provide new treatment options, though further research was needed.

Utah Locals Are Getting Cheap 10 Gbps Fiber Thanks To Local Governments

yro - Posted On:2024-05-17 21:30:00 Source: slashdot

Karl Bode writes via Techdirt: Tired of being underserved and overbilled by shitty regional broadband monopolies, back in 2002 a coalition of local Utah governments formed UTOPIA -- (the Utah Telecommunication Open Infrastructure Agency). The inter-local agency collaborative venture then set about building an "open access" fiber network that allows any ISP to then come and compete on the shared network. Two decades later and the coalition just announced that 18 different ISPs now compete for Utah resident attention over a network that now covers 21 different Utah cities. In many instances, ISPs on the network are offering symmetrical (uncapped) gigabit fiber for as little as $45 a month (plus $30 network connection fee, so $75). Some ISPs are even offering symmetrical 10 Gbps fiber for around $150 a month: "Sumo Fiber, a veteran member of the UTOPIA Open Access Marketplace, is now offering 10 Gbps symmetrical for $119, plus a $30 UTOPIA Fiber infrastructure fee, bringing the total cost to $149 per month." It's a collaborative hybrid that blurs the line between private companies and government, and it works. And the prices being offered here are significantly less than locals often pay in highly developed tech-centric urban hubs like New York, San Francisco, or Seattle. Yet giant local ISPs like Comcast and Qwest spent decades trying to either sue this network into oblivion, or using their proxy policy orgs (like the "Utah Taxpayer Association") to falsely claim this effort would end in chaos and inevitable taxpayer tears. Yet miraculously UTOPIA is profitable, and for the last 15 years, every UTOPIA project has been paid for completely through subscriber revenues. [...] For years, real world experience and several different studies and reports (including our Copia study on this concept) have made it clear that open access networks and policies result in faster, better, more affordable broadband access. 
UTOPIA is proving it at scale, but numerous other municipalities have been following suit with the help of COVID relief and infrastructure bill funding.

WD Rolls Out New 2.5-Inch HDDs For the First Time In 7 Years

hardware - Posted On:2024-05-17 19:30:00 Source: slashdot

Western Digital has unveiled new 6TB external hard drives -- "the first new capacity point for this hard drive form factor in about seven years," reports Tom's Hardware. "There is a catch, though: the HDD is slow and will unlikely fit into any mobile PCs, so it looks like it will exclusively serve portable and specialized storage products." From the report: Western Digital's 6TB 2.5-inch HDD is currently used for the latest versions of the company's My Passport, Black P10, and G-Drive ArmorATD external storage devices and is not available separately. All of these drives (excluding the already very thick G-Drive ArmorATD) are thicker than their 5 TB predecessors, which may suggest that in a bid to increase the HDD's capacity, the manufacturer simply installed another platter and made the whole drive thicker instead of developing new platters with a higher areal density. While this is a legitimate way to expand the capacity of a hard drive, it is necessary to note that 5TB 2.5-inch HDDs already feature a 15-mm z-height, which is the highest standard z-height for 2.5-inch form-factor storage devices. As a result, these 6TB 2.5-inch drives will unlikely fit into any desktop PC. When it comes to specifications of the latest My Passport, Black P10, and G-Drive ArmorATD external HDDs, Western Digital only discloses that they offer up to 130 MB/s read speed (just like their predecessors), feature a USB 3.2 Gen 1 (up to 5 GT/s) interface using either a modern USB Type-C or Micro USB Type-B connector and do not require an external power adapter.

Palantir's First-Ever AI Warfare Conference

technology - Posted On:2024-05-17 19:00:00 Source: slashdot

An anonymous reader quotes a report from The Guardian, written by Caroline Haskins: On May 7th and 8th in Washington, D.C., the city's biggest convention hall welcomed America's military-industrial complex, its top technology companies and its most outspoken justifiers of war crimes. Of course, that's not how they would describe it. It was the inaugural "AI Expo for National Competitiveness," hosted by the Special Competitive Studies Project -- better known as the "techno-economic" thinktank created by the former Google CEO and current billionaire Eric Schmidt. The conference's lead sponsor was Palantir, a software company co-founded by Peter Thiel that's best known for inspiring 2019 protests against its work with Immigration and Customs Enforcement (Ice) at the height of Trump's family separation policy. Currently, Palantir is supplying some of its AI products to the Israel Defense Forces. The conference hall was also filled with booths representing the U.S. military and dozens of its contractors, ranging from Booz Allen Hamilton to a random company that was described to me as Uber for airplane software. At industry conferences like these, powerful people tend to be more unfiltered – they assume they're in a safe space, among friends and peers. I was curious, what would they say about the AI-powered violence in Gaza, or what they think is the future of war? Attendees were told the conference highlight would be a series of panels in a large room toward the back of the hall. In reality, that room hosted just one of note. Featuring Schmidt and the Palantir CEO, Alex Karp, the fire-breathing panel would set the tone for the rest of the conference. More specifically, it divided attendees into two groups: those who see war as a matter of money and strategy, and those who see it as a matter of death. The vast majority of people there fell into group one. 
I've written about relationships between tech companies and the military before, so I shouldn't have been surprised by anything I saw or heard at this conference. But when it ended, and I departed DC for home, it felt like my life force had been completely sucked out of my body. Some of the noteworthy quotes from the panel and convention, as highlighted in Haskins' reporting, include: "It's always great when the CIA helps you out," Schmidt joked when CIA deputy director David Cohen lent him his microphone when his didn't work. The U.S. has to "scare our adversaries to death" in war, said Karp. On university graduates protesting Israel's war in Gaza, Karp described their views as a "pagan religion infecting our universities" and "an infection inside of our society." "The peace activists are war activists," Karp insisted. "We are the peace activists." A huge aspect of war in a democracy, Karp went on to argue, is leaders successfully selling that war domestically. "If we lose the intellectual debate, you will not be able to deploy any armies in the west ever," Karp said. A man in nuclear weapons research jokingly referred to himself as "the new Oppenheimer."

The Apple TV is coming for the Raspberry Pi’s retro emulation box crown

Apple - Posted On:2024-05-17 18:30:01 Source: arstechnica

Apple’s initial pitch for the tvOS and the Apple TV as it currently exists was centered around apps. No longer a mere streaming box, the Apple TV would also be a destination for general-purpose software and games, piggybacking off of the iPhone's vibrant app and game library.

That never really panned out, and the Apple TV is still mostly a box for streaming TV shows and movies. But the same App Store rule change that recently allowed Delta, PPSSPP, and other retro console emulators onto the iPhone and iPad could also make the Apple TV appeal to people who want a small, efficient, no-fuss console emulator for their TVs.

So far, few of the emulators that have made it to the iPhone have been ported to the Apple TV. But earlier this week, the streaming box got an official port of RetroArch, the sprawling collection of emulators that runs on everything from the PlayStation Portable to the Raspberry Pi. RetroArch could be sideloaded onto iOS and tvOS before this, but only using awkward workarounds that took a lot more work and know-how than downloading an app from the App Store.

“Outrageously” priced weight-loss drugs could bankrupt US health care

Health - Posted On:2024-05-17 18:30:00 Source: arstechnica

With the debut of remarkably effective weight-loss drugs, America's high obesity rate and its uniquely astronomical prescription drug pricing appear to be set on a catastrophic collision course—one that threatens to "bankrupt our entire health care system," according to a new Senate report that modeled the economic impact of the drugs in different uptake scenarios.

If just half of the adults in the US with obesity start taking a new weight-loss drug, such as Wegovy, the collective cost would total an estimated $411 billion per year, the analysis found. That's more than the $406 billion Americans spent in 2022 on all prescription drugs combined.

While the bulk of the spending on weight-loss drugs will occur in the commercial market—which could easily lead to spikes in health insurance premiums—taxpayer-funded Medicare and Medicaid programs will also see an extraordinary financial burden. In the scenario that half of adults with obesity go on the drug, the cost to those federal programs would total $166 billion per year, rivaling the programs' total 2022 drug costs of $175 billion.

OpenAI Strikes Reddit Deal To Train Its AI On Your Posts

slashdot - Posted On:2024-05-17 18:15:01 Source: slashdot

Emilia David reports via The Verge: OpenAI has signed a deal for access to real-time content from Reddit's data API, which means it can surface discussions from the site within ChatGPT and other new products. It's an agreement similar to the one Reddit signed with Google earlier this year that was reportedly worth $60 million. The deal will also "enable Reddit to bring new AI-powered features to Redditors and mods" and use OpenAI's large language models to build applications. OpenAI has also signed up to become an advertising partner on Reddit. No financial terms were revealed in the blog post announcing the arrangement, and neither company mentioned training data, either. That last detail is different from the deal with Google, where Reddit explicitly stated it would give Google "more efficient ways to train models." There is, however, a disclosure mentioning that OpenAI CEO Sam Altman is also a shareholder in Reddit but that "This partnership was led by OpenAI's COO and approved by its independent Board of Directors." "Reddit has become one of the internet's largest open archives of authentic, relevant, and always up-to-date human conversations about anything and everything. Including it in ChatGPT upholds our belief in a connected internet, helps people find more of what they're looking for, and helps new audiences find community on Reddit," Reddit CEO Steve Huffman says. Reddit stock has jumped on news of the deal, rising 13% on Friday to $63.64. As Reuters notes, it's "within striking distance of the record closing price of $65.11 hit in late-March, putting the company on track to add $1.2 billion to its market capitalization."

“Unprecedented” Google Cloud event wipes out customer account and its backups

Google - Posted On:2024-05-17 17:30:00 Source: arstechnica

Buried under the news from Google I/O this week is one of Google Cloud's biggest blunders ever: Google's Amazon Web Services competitor accidentally deleted a giant customer account for no reason. UniSuper, an Australian pension fund that manages $135 billion worth of funds and has 647,000 members, had its entire account wiped out at Google Cloud, including all its backups that were stored on the service. UniSuper thankfully had some backups with a different provider and was able to recover its data, but according to UniSuper's incident log, downtime started May 2, and a full restoration of services didn't happen until May 15.

UniSuper's website is now full of must-read admin nightmare fuel about how this all happened. First is a wild page posted on May 8 titled "A joint statement from UniSuper CEO Peter Chun, and Google Cloud CEO, Thomas Kurian." This statement reads, "Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription. This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again."

In the next section, titled "Why did the outage last so long?" the joint statement says, "UniSuper had duplication in two geographies as a protection against outages and loss. However, when the deletion of UniSuper’s Private Cloud subscription occurred, it caused deletion across both of these geographies." Every cloud service keeps full backups, which you would presume are meant for worst-case scenarios. Imagine some hacker takes over your server or the building your data is inside of collapses, or something like that. But no, the actual worst-case scenario is "Google deletes your account," which means all those backups are gone, too. Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution).

Leaks from Valve’s Deadlock look like a pressed sandwich of every game around

Gaming - Posted On:2024-05-17 17:30:00 Source: arstechnica

"Basically, fast-paced interesting ADHD gameplay. Combination of Dota 2, Team Fortress 2, Overwatch, Valorant, Smite, Orcs Must Die."

That's how notable Valve leaker "Gabe Follower" describes Deadlock, a Valve game that is seemingly in playtesting at the moment, for which a few screenshots have leaked out.

The game has been known as "Neon Prime" and "Citadel" at prior points. It's a "Competitive third-person hero-based shooter," with six-on-six battles across a map with four "lanes." That allows for some of the "Tower defense mechanics" mentioned by Gabe Follower, along with "fast travel using floating rails, similar to Bioshock Infinite." The maps reference a "modern steampunk European city (little bit like Half-Life)," after "bad feedback" about a sci-fi theme pushed the development team toward fantasy.

Cats playing with robots proves a winning combo in novel art installation

Science - Posted On:2024-05-17 17:30:00 Source: arstechnica

Cats and robots are a winning combination, as evidenced by all those videos of kitties riding on Roombas. And now we have Cat Royale, a "multispecies" live installation in which three cats regularly "played" with a robot over 12 days, carefully monitored by human operators. Created by computer scientists from the University of Nottingham in collaboration with artists from a group called Blast Theory, the installation debuted at the World Science Festival in Brisbane, Australia, last year and is now a touring exhibit. The accompanying YouTube video series recently won a Webby Award, and a paper outlining the insights gleaned from the experience was similarly voted best paper at the recent Computer-Human Conference (CHI’24).

"At first glance, the project is about designing a robot to enrich the lives of a family of cats by playing with them," said co-author Steve Benford of the University of Nottingham, who led the research, "Under the surface, however, it explores the question of what it takes to trust a robot to look after our loved ones and potentially ourselves." While cats might love Roombas, not all animal encounters with robots are positive: Guide dogs for the visually impaired can get confused by delivery robots, for example, while the rise of lawn mowing robots can have a negative impact on hedgehogs, per Benford et al.

Blast Theory and the scientists first held a series of exploratory workshops to ensure the installation and robotic design would take into account the welfare of the cats. "Creating a multispecies system—where cats, robots, and humans are all accounted for—takes more than just designing the robot," said co-author Eike Schneiders of Nottingham's Mixed Reality Lab about the primary takeaway from the project. "We had to ensure animal well-being at all times, while simultaneously ensuring that the interactive installation engaged the (human) audiences around the world. This involved consideration of many elements, including the design of the enclosure, the robot, and its underlying systems, the various roles of the humans-in-the-loop, and, of course, the selection of the cats.”

OpenAI will use Reddit posts to train ChatGPT under new deal

AI - Posted On:2024-05-17 17:30:00 Source: arstechnica

Stuff posted on Reddit is getting incorporated into ChatGPT, Reddit and OpenAI announced on Thursday. The new partnership grants OpenAI access to Reddit’s Data API, giving the generative AI firm real-time access to Reddit posts.

Reddit content will be incorporated into ChatGPT "and new products," Reddit's blog post said. The social media firm claims the partnership will "enable OpenAI’s AI tools to better understand and showcase Reddit content, especially on recent topics." OpenAI will also start advertising on Reddit.

The deal is similar to one that Reddit struck with Google in February that allows the tech giant to make "new ways to display Reddit content" and provide "more efficient ways to train models," Reddit said at the time. Neither Reddit nor OpenAI disclosed the financial terms of their partnership, but Reddit's partnership with Google was reportedly worth $60 million.

France Bans TikTok In New Caledonia

technology - Posted On:2024-05-17 17:30:00 Source: slashdot

In what's marked as an EU first, the French government has blocked TikTok in its territory of New Caledonia amid widespread pro-independence protests. Politico reports: A French draft law, passed Monday, would let citizens vote in local elections after 10 years' residency in New Caledonia, prompting opposition from independence activists worried it will dilute the representation of indigenous people. The violent demonstrations that have ensued in the South Pacific island of 270,000 have killed at least five people and injured hundreds. In response to the protests, the government suspended the popular video-sharing app -- owned by Beijing-based ByteDance and favored by young people -- as part of state-of-emergency measures alongside the deployment of troops and an initial 12-day curfew. French Prime Minister Gabriel Attal didn't detail the reasons for shutting down the platform. The local telecom regulator began blocking the app earlier on Wednesday. "It is regrettable that an administrative decision to suspend TikTok's service has been taken on the territory of New Caledonia, without any questions or requests to remove content from the New Caledonian authorities or the French government," a TikTok spokesperson said. "Our security teams are monitoring the situation very closely and ensuring that our platform remains safe for our users. We are ready to engage in discussions with the authorities." Digital rights NGO Quadrature du Net on Friday contested the TikTok suspension with France's top administrative court over a "particularly serious blow to freedom of expression online." A growing number of authoritarian regimes worldwide have resorted to internet shutdowns to stifle dissent. This unexpected -- and drastic -- decision by France's center-right government comes amid a rise in far-right activism in Europe and a regression on media freedom. "France's overreach establishes a dangerous precedent across the globe. It could reinforce the abuse of internet shutdowns, which includes arbitrary blocking of online platforms by governments around the world," said Eliska Pirkova, global freedom of expression lead at Access Now.


SEC: Financial Orgs Have 30 Days To Send Data Breach Notifications

it - Posted On:2024-05-17 16:45:00 Source: slashdot

An anonymous reader quotes a report from BleepingComputer: The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to consumers. These rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against anticipated threats. The new amendments (PDF) adopted earlier this week impact financial firms, such as broker-dealers (funding portals included), investment firms, registered investment advisers, and transfer agents. The modifications were initially proposed in March of last year to modernize and improve the protection of individual financial information from data breaches and exposure to non-affiliated parties. Below is a summary of the introduced changes:

- Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken. Exemption applies if the information isn't expected to cause substantial harm or inconvenience to the exposed individuals.
- Develop, implement, and maintain written policies and procedures for an incident response program to detect, respond to, and recover from unauthorized access or use of customer information. This should include procedures to assess and contain security incidents, enforce policies, and oversee service providers.
- Expand safeguards and disposal rules to cover all nonpublic personal information, including that received from other financial institutions.
- Require documentation of compliance with safeguards and disposal rules, excluding funding portals.
- Align annual privacy notice delivery with the FAST Act, exempting certain conditions.
- Extend safeguards and disposal rules to transfer agents registered with the SEC or other regulatory agencies.


Financial institutions have 30 days to disclose breaches under new rules

Biz & IT - Posted On:2024-05-17 16:30:00 Source: arstechnica

The Securities and Exchange Commission (SEC) will require some financial institutions to disclose security breaches within 30 days of learning about them.

On Wednesday, the SEC adopted changes to Regulation S-P, which governs the treatment of the personal information of consumers. Under the amendments, institutions must notify individuals whose personal information was compromised “as soon as practicable, but not later than 30 days” after learning of unauthorized network access or use of customer data. The new requirements will be binding on broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents.

"Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially," SEC Chair Gary Gensler said. "These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors."


Canada Security Intelligence Chief Warns China Can Use TikTok To Spy on Users

news - Posted On:2024-05-17 16:15:00 Source: slashdot

The head of Canada's Security Intelligence Service warned Canadians against using video app TikTok, saying data gleaned from its users "is available to the government of China," CBC News reported on Friday. From a report: "My answer as director of the Canadian Security Intelligence Service (CSIS) is that there is a very clear strategy on the part of the government of China to be able to acquire personal information from anyone around the world," CSIS Director David Vigneault told CBC in an interview set to air on Saturday. "These assertions are unsupported by evidence, and the fact is that TikTok has never shared Canadian user data with the Chinese government, nor would we if asked," a TikTok spokesperson said in response to a request for comment. Canada in September ordered a national security review of a proposal by TikTok to expand the short-video app's business in the country. Vigneault said he will take part in that review and offer advice, CBC reported.
