Government

US IRS To Re-Evaluate Modernization Investments In Light of AI Technology (msn.com) 16

The IRS is pausing its technology modernization efforts to reassess its strategy in light of AI advancements. Reuters reports: The agency will review a number of technology modernization initiatives that have been taken in recent years, including a new direct free filing system for tax returns that was launched last year under the Biden administration, the official told reporters. The official said the IRS did not have a specific number of staff cuts in mind as a result of the technology pause, but said there would be an opportunity to "realign the workforce to those new ways of doing business."
Privacy

Everything You Say To Your Echo Will Be Sent To Amazon Starting On March 28 (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally and, therefore, avoid sending voice recordings to Amazon's cloud. Amazon apparently sent the email to users with "Do Not Send Voice Recordings" enabled on their Echo. Starting on March 28, recordings of everything spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud.

Attempting to rationalize the change, Amazon's email said: "As we continue to expand Alexa's capabilities with generative AI features that rely on the processing power of Amazon's secure cloud, we have decided to no longer support this feature." One of the most marketed features of Alexa+ is its more advanced ability to recognize who is speaking to it, a feature known as Alexa Voice ID. To accommodate this feature, Amazon is eliminating a privacy-focused capability for all Echo users, even those who aren't interested in the subscription-based version of Alexa or want to use Alexa+ but not its ability to recognize different voices.

[...] Amazon said in its email today that by default, it will delete recordings of users' Alexa requests after processing. However, anyone with their Echo device set to "Don't save recordings" will see their already-purchased devices' Voice ID feature bricked. Voice ID enables Alexa to do things like share user-specified calendar events, reminders, music, and more. Previously, Amazon has said that "if you choose not to save any voice recordings, Voice ID may not work." As of March 28, broken Voice ID is a guarantee for people who don't let Amazon store their voice recordings.
Amazon's email continues: "Alexa voice requests are always encrypted in transit to Amazon's secure cloud, which was designed with layers of security protections to keep customer information safe. Customers can continue to choose from a robust set of controls by visiting the Alexa Privacy dashboard online or navigating to More - Alexa Privacy in the Alexa app."

Further reading: Google's Gemini AI Can Now See Your Search History
Security

Chinese Hackers Sat Undetected in Small Massachusetts Power Utility for Months (pcmag.com) 22

In late 2023, the FBI alerted the Littleton Electric Light and Water Departments (LELWD) that it had been breached by a Chinese-state-sponsored hacking group for over 300 days. With the help of cybersecurity firm Dragos and Department of Energy-funded sensors, LELWD confirmed the intrusion, identified the hackers' movements, and ultimately restructured its network to remove them. PCMag reports: At the time, LELWD had been installing sensors from cybersecurity firm Dragos with the help of Department of Energy grants awarded by the American Public Power Association (APPA). "The sensors helped LELWD confirm the extent of the malicious activity on the system and pinpoint when and where the attackers were going on the utility's networks," the APPA said last year. Today, Dragos released a case study (PDF) about the hack, which it blamed on Voltzite, a "sophisticated threat group...that overlaps with Volt Typhoon."

The call from the FBI forced Dragos "to deploy quickly and bypass the planned onboarding timeline" for the LELWD, it says. It discovered that Volt Typhoon "had persistent access to LELWD's network." "Hackers were looking for specific data related to [operational technology] operating procedures and spatial layout data relating to energy grid operations," Dragos tells SecurityWeek. In the end, Dragos confirmed the compromised systems did not contain "customer-sensitive data," and LELWD changed their network architecture to kick Volt Typhoon out, the case study says.
Groups like Volt Typhoon "don't always go for high-profile targets first," said Ensar Seker, Chief Security Officer at SOCRadar. "Small, underfunded utilities can serve as low-hanging fruit, allowing adversaries to test tactics, develop footholds, and pivot toward larger targets."
Censorship

Meta Stops Ex-Director From Promoting Critical Memoir (bbc.co.uk) 86

Ancient Slashdot reader Alain Williams shares a report from the BBC: Meta has won an emergency ruling in the US to temporarily stop a former director of Facebook from promoting or further distributing copies of her memoir. The book, Careless People by Sarah Wynn-Williams, who used to be the company's global public policy director, includes a series of critical claims about what she witnessed during her seven years working at Facebook.

Facebook's parent company, Meta, says the ruling -- which orders her to stop promotions "to the extent within her control" -- affirms that "the false and defamatory book should never have been published." The UK publisher Macmillan says it is "committed to upholding freedom of speech" and Ms Wynn-Williams' "right to tell her story." [You can also hear Ms Wynn-Williams interviewed in the BBC Radio 4 Media Show on March 12.]

United States

Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying, Has Died (eff.org) 35

An anonymous reader quotes a report from the EFF: EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn't set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF's front door in early 2006 with a simple question: "Do you folks care about privacy?"

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T's central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical "splitters" that sat just outside of the secret NSA room but were hardwired into it. Those splitters -- as well as similar ones in cities around the U.S. -- made a copy of all data going through those circuits and delivered it into the secret room. Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.

Privacy

Allstate Insurance Sued For Delivering Personal Info In Plaintext (theregister.com) 23

An anonymous reader quotes a report from The Register: New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it. The data was lifted from Allstate's National General business unit, which ran a website for consumers who wanted to get a quote for a policy. That task required users to input a name and address, and once that info was entered, the site searched a LexisNexis Risk Solutions database for data on anyone who lived at the address provided. The results of that search would then appear on a screen that included the driver's license number (DLN) for the given name and address, plus "names of any other drivers identified as potentially living at that consumer's address, and the entire DLNs of those other drivers."

Naturally, miscreants used the system to mine for people's personal information for fraud. "National General intentionally built these tools to automatically populate consumers' entire DLNs in plain text -- in other words, fully exposed on the face of the quoting websites -- during the quoting process," the court documents [PDF] state. "Not surprisingly, attackers identified this vulnerability and targeted these quoting tools as an easy way to access the DLNs of many New Yorkers," according to the lawsuit. The digital thieves then used this information to "submit fraudulent claims for pandemic and unemployment benefits," we're told. ... [B]y the time the insurer resolved the mess, crooks had built bots that harvested at least 12,000 individuals' driver's license numbers from the quote-generating site.

The Internet

Internet Shutdowns At Record High In Africa As Access 'Weaponized' (theguardian.com) 26

Internet shutdowns in Africa hit a record high in 2024, with 21 shutdowns across 15 countries. The previous record was 19 shutdowns in 2020 and 2021. The Guardian reports: Authorities in Comoros, Guinea-Bissau and Mauritius joined repeat offenders such as Burundi, Ethiopia, Equatorial Guinea and Kenya. Guinea, Nigeria, Senegal and Tanzania were also on the list. But perpetrators also included militias and other non-state actors. Telecommunication and internet service providers who shut services based on government orders are also complicit in violating people's rights, said Felicia Anthonio, the #KeepItOn campaign manager at Access Now, citing the UN guiding principles on business and human rights.

The details showed that most of the shutdowns were imposed as a response to conflicts, protests and political instability. There were also restrictions during elections. [...] At least five shutdowns in Africa had been imposed for more than a year by the end of 2024, according to Access Now. As of early 2025, the social network Meta was still restricted in Uganda, despite authorities engaging with its representatives. On the Equatorial Guinean island of Annobon, internet and cell services have been cut off since an August 2024 protest over environmental concerns and isolation from the rest of the country. The increase in shutdowns led the African Commission on Human and Peoples' Rights to pass a landmark resolution in March 2024 to help reverse the trend.

Crime

Thousands of Freed Scam Center Workers Now Trapped in Overcrowded Detention Centers (apnews.com) 83

August, 2023: Thousands of Crypto Scammers are Enslaved by Human-Trafficking Gangsters, Says Bloomberg Reporter. ("They'd lure young people from across Southeast Asia...with the promise of well-paying jobs in customer service or online gambling.")

February, 2025: A coordinated response begins by Thai, Chinese and Myanmar authorities, which includes cutting power, internet, and fuel supplies to the scam centers.

Today: The Associated Press reports that thousands of the people liberated from locked compounds in Myanmar now "have found themselves trapped once again, this time in overcrowded facilities with no medical care, limited food and no idea when they'll be sent home." Thousands of sick, exhausted and terrified young men and women, from countries all over the world squat in rows, packed shoulder to shoulder, surgical masks covering their mouths and eyes. Their nightmare was supposed to be over... The armed groups who are holding the survivors, as well as Thai officials across the border, say they are awaiting action from the detainees' home governments. It's one of the largest potential rescues of forced laborers in modern history, but advocates say the first major effort to crack down on the cyber scam industry has turned into a growing humanitarian crisis...

An unconfirmed list provided by authorities in Myanmar says they're holding citizens from 29 countries including Philippines, Kenya and the Czech Republic. Authorities in Thailand say they cannot allow foreigners to cross the border from Myanmar unless they can be sent home immediately, leaving many to wait for help from embassies that has been long in coming. China sent a chartered flight Thursday to the tiny Mae Sot airport to pick up a group of its citizens, but few other governments have matched that. There are roughly 130 Ethiopians waiting in a Thai military base, stuck for want of a $600 plane ticket. Dozens of Indonesians were bused out one morning last week, pushing suitcases and carrying plastic bags with their meager possessions as they headed to Bangkok for a flight home... The recent abrupt halt to U.S. foreign aid funding has made it even harder to get help to released scam center workers...

It's not clear how much of an effect these releases will have on the criminal groups that run the scam centers. February marked the third time the Thais have cut internet or electricity to towns across the river. Each time, the compounds have managed to work around the cuts. Large compounds have access to diesel-powered generators, as well as access to internet provider Starlink, experts working with law enforcement say.

The article also points out that "The people released are just a small fraction of what could be 300,000 people working in similar scam operations across the region, according to an estimate from the United States Institute of Peace. Human rights groups and analysts add that the networks that run these illegal scams will continue to operate unless much broader action is taken against them..."

"The United Nations Office on Drugs and Crimes estimates that between $18 billion and $37 billion was lost in Asia alone in 2023, with minimal government action against the criminal industry's spread."
Facebook

Zuckerberg's Meta Considered Sharing User Data with China, Whistleblower Alleges (msn.com) 36

The Washington Post reports: Meta was willing to go to extreme lengths to censor content and shut down political dissent in a failed attempt to win the approval of the Chinese Communist Party and bring Facebook to millions of internet users in China, according to a new whistleblower complaint from a former global policy director at the company.

The complaint by Sarah Wynn-Williams, who worked on a team handling China policy, alleges that the social media giant so desperately wanted to enter the lucrative China market that it was willing to allow the ruling party to oversee all social media content appearing in the country and quash dissenting opinions. Meta, then called Facebook, developed a censorship system for China in 2015 and planned to install a "chief editor" who would decide what content to remove and could shut down the entire site during times of "social unrest," according to a copy of the 78-page complaint exclusively seen by The Washington Post.

Meta chief executive Mark Zuckerberg also agreed to crack down on the account of a high-profile Chinese dissident living in the United States following pressure from a high-ranking Chinese official the company hoped would help them enter China, according to the complaint, which was filed in April to the Securities and Exchange Commission [SEC]. When asked about its efforts to enter China, Meta executives repeatedly "stonewalled and provided nonresponsive or misleading information" to investors and American regulators, according to the complaint.

Wynn-Williams bolstered her SEC complaint with internal Meta documents about the company's plans, which were reviewed by The Post. Wynn-Williams, who was fired from her job in 2017, is also scheduled to release a memoir this week documenting her time at the company, titled "Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism." According to a memo in the complaint, Meta leaders faced aggressive pressure by Chinese government officials to host Chinese users' data to local data centers, which Wynn-Williams alleges would have made it easier for the Chinese Communist Party to covertly obtain the personal information of its citizens.

Wynn-Williams told the Washington Post that "for many years Meta has been working hand in glove with the Chinese Communist Party, briefing them on the latest technological developments and lying about it."

Reached for a comment, Meta spokesman Andy Stone told the Washington Post it was "no secret" they'd been interested in operating in China. "This was widely reported beginning a decade ago. We ultimately opted not to go through with the ideas we'd explored, which Mark Zuckerberg announced in 2019." The Post, however, shares new details about what a Facebook privacy policy staffer offered China in negotiations in 2014. ("In exchange for the ability to establish operations in China, FB will agree to grant the Chinese government access to Chinese users' data — including Hongkongese users' data.")

The Post also describes one iteration of a proposed agreement in 2015. "To aid the effort, Meta built a censorship system specially designed for China to review, including the ability to automatically detect restricted terms and popular content on Facebook, according to the complaint...

"In 2017, Meta covertly launched a handful of social apps under the name of a China-based company created by one of its employees, according to the complaint."
Chrome

America's Justice Department Still Wants Google to Sell Chrome (msn.com) 64

Last week Google urged the U.S. government not to break up the company — but apparently, it didn't work.
In a new filing Friday, America's Justice Department "reiterated its November proposal that Google be forced to sell its Chrome web browser," reports the Washington Post, "to address a federal judge finding the company guilty of being an illegal monopoly in August." The government also kept a proposal that Google be banned from paying other companies to give its search engine preferential placement on their apps and phones. At the same time, the government dropped its demand that Google sell its stakes in AI start-ups after one of the start-ups, Anthropic AI, argued that it needed Google's money to compete in the fast-growing industry.

The government's final proposal "reaffirms that Google must divest the Chrome browser — an important search access point — to provide an opportunity for a new rival to operate a significant gateway to search the internet, free of Google's monopoly control," Justice Department lawyers wrote in the filing... Judge Amit Mehta, of the U.S. District Court for the District of Columbia, who had ruled that Google held an illegal monopoly, will decide on the final remedies in April.

The article quotes a Google spokesperson's response: that the Justice Department's "sweeping" proposals "continue to go miles beyond the court's decision, and would harm America's consumers, economy and national security."
United States

Is America Closer to Ending Daylight Saving Time? (msn.com) 198

U.S. president Donald Trump called Daylight Saving Time "very costly to our nation" and "inconvenient" in December. Today the Washington Post remembers he'd vowed his Republican party would use their "best efforts" to eliminate it.

But it's still proving to be politically difficult... Polls have shown that most Americans oppose the time shifts but disagree on what should replace them... [U.S. political leaders] also say they are grappling with whether the nation should permanently move the clocks forward one hour, an idea championed by lawmakers on the coasts who say it would allow for more sunshine during the winter, or remain on year-round standard time, which is favored by neurologists who say it aligns with our circadian rhythms. That decision would rest with Congress, not the president. The split often reflects regional, not political, differences, based on where time zones fall; a year-round "spring forward" would mean winter sunrises that could creep past 9 a.m. in cities such as Indianapolis and Detroit, prompting many local lawmakers to oppose the idea...

[A 2022 Senate vote to make Daylight Saving Time permanent] awoke a new lobbying effort from advocates such as the American Academy of Sleep Medicine, which warned that year-round daylight saving time would be unhealthy, citing risks such as higher rates of obesity or metabolic dysfunction. Some researchers warned of a condition dubbed "social jetlag," saying that internal body clocks and rhythms would be persistently misaligned if human clocks were permanently set forward an hour. The concerted resistance from the health groups — which some congressional aides jokingly referred to as "Big Sleep" — helped kill the measure in the House and has contributed to a stalemate over how to proceed...

Today, roughly two-thirds of Americans want to end the clock changes, polls show. But even those Americans don't agree on what should come next. An October 2023 YouGov poll found that 33 percent of respondents wanted year-round daylight saving time, 23 percent wanted permanent standard time, and 9 percent had no preference. The remainder weren't sure or preferred to remain on the current system... The political fight is far from over, with Trump allies such as Sen. Tommy Tuberville (R-Alabama) pledging to keep pushing for year-round daylight saving time. Some congressional Republicans also have privately called for a hearing in front of the House Energy and Commerce Committee, with hopes of advancing the Sunshine Protection Act.

GNU is Not Unix

Free Software Foundation Rides To Defend AGPLv3 Against Neo4j License Add-ons (fsf.org) 48

This week the Free Software Foundation "backed a lone developer's brave effort to overturn a pivotal court ruling that threatens to undermine the AGPLv3 — the foundation's GNU Affero General Public License, version 3," reports the Register.

"At stake is the future of not just the AGPLv3, but the FSF's widely used GNU Public License it is largely based on, and the software covered by those agreements." A core tenet of the GPL series is that free software remains free forever, and this is woven into the licenses' fine print. This ongoing legal battle is a matter of whether people can alter those licenses and redistribute code as they see fit in a non-free way, or if they must stick to the terms of an agreement that says the terms cannot be changed... If the Ninth Circuit upholds the [original district court] ruling, it's likely to create a binding precedent that would limit one of the major freedoms that AGPLv3 and other GPL licenses aim to protect — the ability to remove restrictions added to GPL licensed code.
"Neo4j appended an additional nonfree commercial restriction, the Commons Clause, to a verbatim version of the GNU AGPLv3 in a version of its software..." according to an FSF announcement this week. "The FSF's position on such confusing licensing practices has always been clear: the GNU licenses explicitly allow users to remove restrictions incompatible with the four freedoms." (You can read their amicus brief here.)

Thanks to Slashdot reader jms00 for sharing the news.
Crime

Sam Bankman-Fried Gives a Jailhouse Interview, Seeking a Pardon (msn.com) 67

Sam Bankman-Fried — one of the largest donors to the Democratic Party — "was convicted of fraud, sentenced to 25 years in prison and mostly went silent," reports the Wall Street Journal. "Until recently..." Now, from behind bars at the Metropolitan Detention Center in Brooklyn, Bankman-Fried is orchestrating an extraordinary public-relations blitz that looks very much like a campaign to make the most audacious trade of his career: support for President Trump's agenda in return for a presidential pardon...

There is little downside to Bankman-Fried's long-shot effort to secure a pardon. As the appeal that he filed last year works its way through the courts, Bankman-Fried, 33, is staring down a prison sentence that could extend until his 50s... The crowning touch of his campaign came on Thursday, when Bankman-Fried gave a jailhouse interview to "The Tucker Carlson Show," which was released on social-media channels including X and YouTube. Appearing on video in a brown jumpsuit, he criticized Washington bureaucrats and crypto regulators — and suggested that he went to prison out of political retribution... [Carlson's title for the interview? "Sam Bankman-Fried on Life in Prison With Diddy, and How Democrats Stole His Money and Betrayed Him."]

The interview hadn't been approved by the Federal Bureau of Prisons, according to a person familiar with the matter. Bankman-Fried spoke with Carlson through a link that is typically used by inmates to communicate with their lawyers, the person said. After the interview, Bankman-Fried was placed in solitary confinement, but he was out by Friday afternoon, according to a person familiar with the matter... Bankman-Fried is trying to highlight in media appearances and in any interaction with Trump's team that FTX customers are set to be made whole with interest through the bankruptcy proceedings — at least in dollar terms. Many of those creditors remain furious that they missed out on bitcoin's rally since November 2022.

Bankman-Fried "wants to set the record straight on his political beliefs, which he believes have been misconstrued," according to the article. "While he has given heavily to Democrats, he has also donated to Republican causes, including the contribution of millions to a group supporting Senator Mitch McConnell."

But the New York Times, citing "people with knowledge" of his pardon-seeking efforts, reported that "So far, the push does not appear to have gained traction."
Cellphones

Rayhunter: A Cheap New Tool from EFF to Detect Cellular Spying (androidauthority.com) 23

Equuleus42 (Slashdot reader #723) brings word that the Electronic Frontier Foundation (EFF) is sharing a new tool for fighting back against cellphone surveillance by Stingray cell-site simulators.

Android Authority reports: "Rayhunter" uses an open-source software package designed to look for evidence of IMSI catchers in action, running on an old Orbic Speed RC400L mobile hotspot. The great thing about that choice is that you can pick one up for practically nothing — we're seeing them listed for barely over $10 on Amazon, and you can find them even cheaper on eBay. There's an installation script for Macs and Linux to automate getting set up, but once the Orbic is flashed with the Rayhunter software, it should be ready to go, collecting data about sketchy-looking "cell towers" it picks up.

Right now, much of the use of IMSI catchers is still shrouded in mystery, with the groups who regularly employ them extremely hesitant to disclose their methods. As a result, a big focus of this EFF project is just getting more info on how and where these are actually used, giving protestors a better sense of the steps they'll need to take if they want to protect their privacy.

AI

Signal President Calls Out Agentic AI As Having 'Profound' Security and Privacy Issues (techcrunch.com) 8

Signal President Meredith Whittaker warned at SXSW that agentic AI poses significant privacy and security risks, as these AI agents require extensive access to users' personal data, likely processing it unencrypted in the cloud. TechCrunch reports: "So we can just put our brain in a jar because the thing is doing that and we don't have to touch it, right?," Whittaker mused. Then she explained the type of access the AI agent would need to perform these tasks, including access to our web browser and a way to drive it as well as access to our credit card information to pay for tickets, our calendar, and messaging app to send the text to your friends. "It would need to be able to drive that [process] across our entire system with something that looks like root permission, accessing every single one of those databases -- probably in the clear, because there's no model to do that encrypted," Whittaker warned.

"And if we're talking about a sufficiently powerful ... AI model that's powering that, there's no way that's happening on device," she continued. "That's almost certainly being sent to a cloud server where it's being processed and sent back. So there's a profound issue with security and privacy that is haunting this hype around agents, and that is ultimately threatening to break the blood-brain barrier between the application layer and the OS layer by conjoining all of these separate services [and] muddying their data," Whittaker concluded.

If a messaging app like Signal were to integrate with AI agents, it would undermine the privacy of your messages, she said. The agent has to access the app to text your friends and also pull data back to summarize those texts. Her comments followed remarks she made earlier during the panel on how the AI industry had been built on a surveillance model with mass data collection. She said that the "bigger is better AI paradigm" -- meaning the more data, the better -- had potential consequences that she didn't think were good. With agentic AI, Whittaker warned we'd further undermine privacy and security in the name of a "magic genie bot that's going to take care of the exigencies of life," she concluded.
You can watch the full speech on YouTube.
