Security

How Chinese Attackers Breached an ISP to Poison Insecure Software Updates with Malware (bleepingcomputer.com) 11

An anonymous reader shared this report from BleepingComputer: A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. Also tracked as Evasive Panda, Daggerfly, and StormCloud, this cyber-espionage group has been active since at least 2012, targeting organizations across mainland China, Hong Kong, Macao, Nigeria, and various Southeast and East Asian countries.

On Friday, Volexity threat researchers revealed that the Chinese cyber-espionage gang had exploited insecure HTTP software update mechanisms that didn't validate digital signatures to deploy malware payloads on victims' Windows and macOS devices... To do that, the attackers intercepted and modified victims' DNS requests and poisoned them with malicious IP addresses. This delivered the malware to the targets' systems from StormBamboo's command-and-control servers without requiring user interaction.

Volexity's blog post says they observed StormBamboo "targeting multiple software vendors, who use insecure update workflows..." and then "notified and worked with the ISP, who investigated various key devices providing traffic-routing services on their network. As the ISP rebooted and took various components of the network offline, the DNS poisoning immediately stopped."

BleepingComputer notes that "After compromising the target's systems, the threat actors installed a malicious Google Chrome extension (ReloadText), which allowed them to harvest and steal browser cookies and mail data."
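
The missing check the report describes, shown as an added example (not code from Volexity, BleepingComputer or any affected vendor): an updater that trusts a pinned Ed25519 vendor key instead of whichever host DNS happens to resolve to. The manifest fields, function names, seeds and sample bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor; the field names are assumptions.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the installer payload
}

var (
	ErrBadSignature = errors.New("manifest not signed by pinned vendor key")
	ErrBadDigest    = errors.New("payload digest does not match signed manifest")
)

// VerifyUpdate authenticates the manifest bytes against the key shipped inside
// the installed application, and only then trusts the digest the manifest
// carries. Nothing fetched over the network is parsed before the signature check.
func VerifyUpdate(pinned ed25519.PublicKey, manifestJSON, sig, payload []byte) (*Manifest, error) {
	// ed25519.Verify panics on a wrong-sized key, so check the length first.
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, manifestJSON, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	want, err := hex.DecodeString(m.SHA256)
	sum := sha256.Sum256(payload)
	if err != nil || !bytes.Equal(want, sum[:]) {
		return nil, ErrBadDigest
	}
	return &m, nil
}

// signManifest stands in for the vendor's release step (constructed helper).
func signManifest(priv ed25519.PrivateKey, version string, payload []byte) (manifestJSON, sig []byte) {
	sum := sha256.Sum256(payload)
	manifestJSON, _ = json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:])})
	return manifestJSON, ed25519.Sign(priv, manifestJSON)
}

// Scenarios runs the verifier over constructed responses: the genuine update
// and three responses a client could receive when name resolution is poisoned.
func Scenarios() map[string]error {
	// Fixed seeds keep the example deterministic; real keys are random.
	vendor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	pinned := vendor.Public().(ed25519.PublicKey)

	good := []byte("constructed installer bytes v2.1")
	swapped := []byte("constructed substituted bytes")

	manifest, sig := signManifest(vendor, "2.1", good)
	otherManifest, otherSig := signManifest(other, "2.1", swapped)

	res := map[string]error{}
	_, res["genuine"] = VerifyUpdate(pinned, manifest, sig, good)
	_, res["payload swapped"] = VerifyUpdate(pinned, manifest, sig, swapped)
	_, res["manifest re-signed by other key"] = VerifyUpdate(pinned, otherManifest, otherSig, swapped)
	_, res["manifest swapped, old signature"] = VerifyUpdate(pinned, otherManifest, sig, swapped)
	return res
}

func main() {
	res := Scenarios()
	for _, name := range []string{
		"genuine", "payload swapped",
		"manifest re-signed by other key", "manifest swapped, old signature",
	} {
		fmt.Printf("%-34s -> %v\n", name, res[name])
	}
}
```

Only the first case installs; the other three are rejected regardless of which server answered. A production updater would also refuse manifests older than the installed version, which this example does not do.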
Safari

When It Comes to Privacy, Safari Is Only the Fourth-Best Browser (yahoo.com) 36

Apple's elaborate new ad campaign promises that Safari is "a browser that protects your privacy." And the Washington Post says Apple "deserves credit for making many privacy protections automatic with Safari..."

"But Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, said Safari is no better than the fourth-best web browser for your privacy." "If browser privacy were a sport at the Olympics, Apple isn't getting on the medal stand," Cahn said. (Apple did not comment about this.)

Safari stops third-party cookies anywhere you go on the web. So do Mozilla's Firefox and the Brave browser... Chrome allows third-party cookies in most cases unless you turn them off... Even without cookies, a website can pull information like the resolution of your computer screen, the fonts you have installed, add-on software you use and other technical details that in aggregate can help identify your device and what you're doing on it. The measures, typically called "fingerprinting," are privacy-eroding tracking by another name. Nick Doty with the Center for Democracy & Technology said there's generally not much you can do about fingerprinting. Usually you don't know you're being tracked that way. Apple says it defends against common fingerprinting techniques but Cahn said Firefox, Brave and the Tor Browser all are better at protecting you from digital surveillance. That's why he said Safari is no better than the fourth-best browser for privacy.

Safari does offer extra privacy protections in its "private" mode, the article points out. "When you use this option, Apple says it does more to block use of 'advanced' fingerprinting techniques. It also steps up defenses against tracking that adds bits of identifying information to the web links you click."

The article concludes that Safari users can "feel reasonably good about the privacy (and security) protections, but you can probably do better — either by tweaking your Apple settings or using a web browser that's even more private than Safari."
Japan

Japan Mandates App To Ensure National ID Cards Aren't Forged (theregister.com) 34

The Japanese government has released details of an app that verifies the legitimacy of its troubled My Number Card -- a national identity document. From a report: Beginning in 2015, every resident of Japan was assigned a 12 digit My Number that paved the way for linking social security, taxation, disaster response and other government services to both the number itself and a smartcard. The plan was to banish bureaucracy and improve public service delivery -- but that didn't happen.

My Number Card ran afoul of data breaches, reports of malfunctioning card readers, and database snafus that linked cards to other citizens' bank accounts. Public trust in the scheme fell, and adoption stalled. Now, according to Japan's Digital Ministry, counterfeit cards are proliferating to help miscreants purchase goods -- particularly mobile phones -- under fake identities. Digital minister Taro Kono yesterday presented his solution to the counterfeits: a soon to be mandatory app that confirms the legitimacy of the card. The app uses the camera on a smartphone to read information printed on the card -- like date of birth and name. It compares those details to what it reads from info stored in the smartcard's resident chip, and confirms the data match without the user ever needing to enter their four-digit PIN.

Microsoft

Microsoft Dynamics 365 Called Out For 'Worker Surveillance' (theregister.com) 36

Microsoft Dynamics 365's "field service management" tools enable employers to monitor mobile workers via smartphone apps -- "allegedly to the detriment of their autonomy and dignity," reports The Register. From the report: According to a probe by Cracked Labs -- an Austrian nonprofit research group -- the software is part of a broader set of applications that disempowers workers through algorithmic management. The case study [PDF] summarizes how employers in Europe actually use software and smartphone apps to oversee field technicians, home workers, and cleaning staff. It's part of a larger ongoing project helmed by the group called "Surveillance and Digital Control at Work," which includes contributions from AlgorithmWatch; Jeremias Adams-Prassl, professor of law at the University of Oxford; and trade unions UNI Europa and GPA.

Mobile maintenance workers used to have a substantial amount of autonomy when they were equipped with basic mobile phones, the study notes, but smartphones have allowed employers to track what mobile workers do, when they do it, where they are, and gather many other data points. The effect of this monitoring, the report argues, means diminished worker discretion, autonomy, and sense of purpose due to task-based micromanagement. The shift has also accelerated and intensified work stress, with little respect to workers' capabilities, differences in lifestyle, and job practices.
"Field service workers travel to multiple locations servicing different products every day," a Microsoft spokesperson told The Register. "Dynamics 365 Field Service and its Copilot capabilities are designed to help field service workers schedule, plan and provide onsite maintenance and repairs in the right location, on time with the right information and workplace guides on their device to complete their jobs."

"Dynamics 365 Field Service does not use AI to recommend individual workers for specific jobs based on previous performance. Dynamics 365 Field Service was developed in accordance with our Responsible AI principles and data privacy statement. Customers are solely responsible for using Dynamics 365 Field Service in compliance with all applicable laws, including laws relating to accessing individual employee analytics and monitoring."
Government

Senators Propose 'Digital Replication Right' For Likeness, Extending 70 Years After Death 46

An anonymous reader quotes a report from Ars Technica: On Wednesday, US Sens. Chris Coons (D-Del.), Marsha Blackburn (R.-Tenn.), Amy Klobuchar (D-Minn.), and Thom Tillis (R-NC) introduced the Nurture Originals, Foster Art, and Keep Entertainment Safe (NO FAKES) Act of 2024. The bipartisan legislation, up for consideration in the US Senate, aims to protect individuals from unauthorized AI-generated replicas of their voice or likeness. The NO FAKES Act would create legal recourse for people whose digital representations are created without consent. It would hold both individuals and companies liable for producing, hosting, or sharing these unauthorized digital replicas, including those created by generative AI. Due to generative AI technology that has become mainstream in the past two years, creating audio or image media fakes of people has become fairly trivial, with easy photorealistic video replicas likely next to arrive. [...]

To protect a person's digital likeness, the NO FAKES Act introduces a "digital replication right" that gives individuals exclusive control over the use of their voice or visual likeness in digital replicas. This right extends 10 years after death, with possible five-year extensions if actively used. It can be licensed during life and inherited after death, lasting up to 70 years after an individual's death. Along the way, the bill defines what it considers to be a "digital replica": "DIGITAL REPLICA.-The term "digital replica" means a newly created, computer-generated, highly realistic electronic representation that is readily identifiable as the voice or visual likeness of an individual that- (A) is embodied in a sound recording, image, audiovisual work, including an audiovisual work that does not have any accompanying sounds, or transmission- (i) in which the actual individual did not actually perform or appear; or (ii) that is a version of a sound recording, image, or audiovisual work in which the actual individual did perform or appear, in which the fundamental character of the performance or appearance has been materially altered; and (B) does not include the electronic reproduction, use of a sample of one sound recording or audiovisual work into another, remixing, mastering, or digital remastering of a sound recording or audiovisual work authorized by the copyright holder."
The NO FAKES Act "includes provisions that aim to balance IP protection with free speech," notes Ars. "It provides exclusions for recognized First Amendment protections, such as documentaries, biographical works, and content created for purposes of comment, criticism, or parody."
AI

Taco Bell Is Bringing AI To Hundreds of Drive-Thrus Nationwide 121

Taco Bell's parent company, Yum! Brands, announced today that the fast-food chain will expand its Voice AI technology to "hundreds" of chains around the country by the end of the year. A global expansion of the service will follow. Fortune reports: Right now, more than 100 Taco Bell locations in 13 states rely on AI to take customer orders at the drive-thru. Company officials say that has resulted in improved order accuracy, shorter wait times, and higher profits. Human workers, the company says, will be freed up to focus on other tasks, ranging from interacting with guests who opt to order from the restaurant counter to preparing food. "Yum! Brands is integrating digital and technology into all aspects of our business with exciting new capabilities, and AI is a core piece of that strategy," said Lawrence Kim, chief innovation officer at Yum! Brands, in a statement. "With over two years of fine-tuning and testing the drive-thru Voice AI technology, we're confident in its effectiveness in optimizing operations and enhancing customer satisfaction."
The Internet

Malaysia is Working on an Internet 'Kill Switch' (theregister.com) 21

Malaysia plans to introduce an internet "kill switch" law in October, Law Minister Azalina Othman Said has said. The legislation aims to boost digital security by granting authorities power to block online content, though specifics remain unclear. Said emphasized the need for social media and messaging platforms to take greater responsibility for online crimes.
China

Germany Says China Was Behind a 2021 Cyberattack on Government Agency (apnews.com) 31

An investigation has determined that "Chinese state actors" were responsible for a 2021 cyberattack on Germany's national office for cartography, officials in Berlin said Wednesday. From a report: The Chinese ambassador was summoned to the Foreign Ministry for a protest for the first time in decades. Foreign Ministry spokesperson Sebastian Fischer said the German government has "reliable information from our intelligence services" about the source of the attack on the Federal Agency for Cartography and Geodesy, which he said was carried out "for the purpose of espionage."

"This serious cyberattack on a federal agency shows how big the danger is from Chinese cyberattacks and spying," Interior Minister Nancy Faeser said in a statement. "We call on China to refrain from and prevent such cyberattacks. These cyberattacks threaten the digital sovereignty of Germany and Europe." Fischer declined to elaborate on who exactly in China was responsible. He said a Chinese ambassador was last summoned to the German Foreign Ministry in 1989 after the Tiananmen Square crackdown.

Bitcoin

California DMV Puts 42 Million Car Titles On Blockchain To Fight Fraud (reuters.com) 59

California's DMV has digitized 42 million car titles using blockchain technology to detect fraud and streamline the title transfer process, enabling residents to claim vehicle titles through a mobile app -- the first such initiative in the U.S. The project is a collaboration with tech company Oxhead Alpha on Ava Labs' Avalanche blockchain. Reuters reports: Digitizing car titles will reduce the need for in-person DMV visits and the blockchain technology will also function as a deterrent against lien fraud. Blockchain technology can help detect lien fraud by creating a transparent and unalterable record of property ownership, making it difficult for fraudulent activity to go unnoticed. California residents will be able to access their digital car titles starting early next year as the DMV builds out the app and infrastructure for consumer access.
Government

Senate Passes the Kids Online Safety Act (theverge.com) 84

An anonymous reader quotes a report from The Verge: The Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens' Online Privacy Protection Act (also known as COPPA 2.0), the first major internet bills meant to protect children to reach that milestone in two decades. A legislative vehicle that included both KOSA and COPPA 2.0 passed 91-3. Senate Majority Leader Chuck Schumer (D-NY) called it "a momentous day" in a speech ahead of the vote, saying that "the Senate keeps its promise to every parent who's lost a child because of the risks of social media." He called for the House to pass the bills "as soon as they can."

KOSA is a landmark piece of legislation that a persistent group of parent advocates played a key role in pushing forward -- meeting with lawmakers, showing up at hearings with tech CEOs, and bringing along photos of their children, who, in many cases, died by suicide after experiencing cyberbullying or other harms from social media. These parents say that a bill like KOSA could have saved their own children from suffering and hope it will do the same for other children. The bill works by creating a duty of care for online platforms that are used by minors, requiring they take "reasonable" measures in how they design their products to mitigate a list of harms, including online bullying, sexual exploitation, drug promotion, and eating disorders. It specifies that the bill doesn't prevent platforms from letting minors search for any specific content or providing resources to mitigate any of the listed harms, "including evidence-informed information and clinical resources."
The legislation faces significant opposition from digital rights, free speech, and LGBTQ+ advocates who fear it could lead to censorship and privacy issues. Critics argue that the duty of care may result in aggressive content filtering and mandatory age verification, potentially blocking important educational and lifesaving content.

The bill may also face legal challenges from tech platforms citing First Amendment violations.
Businesses

Spain Watchdog Fines Booking.com Nearly $450 Million For Abusing Its Dominant Position (euractiv.com) 20

Spain's competition watchdog said Tuesday it had slapped online travel agency Booking.com with a record $446.7 million fine for "abusing its dominant position" during the past five years. From a report: "These practices have affected hotels located in Spain and other online travel agencies that compete with the platform. Its terms and conditions create an inequitable imbalance in the commercial relationship with hotels located in Spain," the CNMC said in a statement. "By better positioning hotels with more bookings on Booking.com, other online agencies have been prevented from entering the market or expanding," it added.

This is the largest fine ever imposed by the CNMC, a spokeswoman for the authority told AFP. The CNMC said Booking.com's market share in Spain, the world's second most visited country after France, during the period under investigation was between 70 percent and 90 percent. Booking.com, whose parent company Booking Holdings is headquartered in the United States, is a dominant player with a market share in Europe of more than 60 percent. In May, the European Union added the travel agency to its list of digital companies big enough to fall under tougher competition rules, giving the firm six months to prepare for compliance with the landmark Digital Markets Act (DMA).

The Internet

Low-Income Homes Drop Internet Service After Congress Kills Discount Program (arstechnica.com) 240

An anonymous reader quotes a report from Ars Technica: The death of the US government's Affordable Connectivity Program (ACP) is starting to result in disconnection of Internet service for Americans with low incomes. On Friday, Charter Communications reported a net loss of 154,000 Internet subscribers that it said was mostly driven by customers canceling after losing the federal discount. About 100,000 of those subscribers were reportedly getting the discount, which in some cases made Internet service free to the consumer. The $30 monthly broadband discounts provided by the ACP ended in May after Congress failed to allocate more funding. The Biden administration requested (PDF) $6 billion to fund the ACP through December 2024, but Republicans called the program "wasteful."

Republican lawmakers' main complaint was that most of the ACP money went to households that already had broadband before the subsidy was created. FCC Chairwoman Jessica Rosenworcel warned that killing the discounts would reduce Internet access, saying (PDF) an FCC survey found that 77 percent of participating households would change their plan or drop Internet service entirely once the discounts expired. Charter's Q2 2024 earnings report provides some of the first evidence of users dropping Internet service after losing the discount. "Second quarter residential Internet customers decreased by 154,000, largely driven by the end of the FCC's Affordable Connectivity Program subsidies in the second quarter, compared to an increase of 70,000 during the second quarter of 2023," Charter said.

Across all ISPs, there were 23 million US households enrolled in the ACP. Research released in January 2024 found that Charter was serving over 4 million ACP recipients and that up to 300,000 of those Charter customers would be "at risk" of dropping Internet service if the discounts expired. Given that ACP recipients must meet low-income eligibility requirements, losing the discounts could put a strain on their overall finances even if they choose to keep paying for Internet service. [...] Light Reading reported that Charter attributed about 100,000 of the 154,000 customer losses to the ACP shutdown. Charter said it retained most of its ACP subscribers so far, but that low-income households might not be able to continue paying for Internet service without a new subsidy for much longer.

Bitcoin

Trump Says He'd Oppose CBDCs, Pardon Ulbricht, and Create a 'Strategic National Bitcoin Stockpile' 234

Speaking at the Bitcoin Conference in Nashville, Republican presidential nominee Donald Trump made a number of cryptocurrency-related pledges:
  • Trump promised that if elected, he'd commute the sentence of Silk Road creator Ross Ulbricht to a sentence of time served. "It's enough."
  • Trump promised to change the top personnel at America's Securities and Exchange Commission. "On Day One, I will fire Gary Gensler and appoint a new SEC chairman," Trump told the crowd, drawing a long round of applause. ("I didn't know he was that unpopular," Trump joked — then repeated his promise to appoint "a new SEC chairman who believes America should build the future, not block the future, which is what they're doing.")
  • Trump also promised that "As president, I will immediately shut down Operation Chokepoint 2.0." (For context, Operation Chokepoint was an Obama-era program — ended during Trump's presidency — to scrutinize bank lending to "high-risk" merchants, mostly predatory "payday" lenders. Concerns were raised that bank regulators were pressuring banks to cut off certain businesses, and while there is no official "Choke Point 2.0," the phrase has been used colloquially to describe the possibility of bank regulators pressuring specific industries like cryptocurrency.)
  • Trump also announced he'd oppose a central bank digital currency — although his wording was a little idiosyncratic. "Next I will immediately order the Treasury Department and other federal agencies to cease and desist all steps necessary — because, you know, there's a thing going on in your industry. They want to move the creation of a central bank digital currency. It's over, forget it." [Audience boos CBDC's] "CBDC — there will never be a CBDC while I'm president of the United States." (In fact a 2023 statement from America's Federal Reserve about CBDC's stresses that "no decisions have been made at this time" and that the Federal Reserve would only proceed with a CBDC after passage of an authorizing law.)
  • Trump also told the audience that "We will create a framework to enable the safe and responsible expansion of staple — stablecoins," then teased the crypto-friendly audience by asking playfully "Do you know what a stablecoin is? Does anybody know — please raise your hand." Trump promised the move would "allow us to extend the dominance of the U.S. dollar to new frontiers all around the world," and that "there will be billions and billions of people brought into the crypto economy and storing their savings in bitcoin."
  • Toward the end Trump said that if elected, he would direct the government not to sell any of its currently-held bitcoin, keeping it instead as the core of a "strategic national bitcoin stockpile."

    "As you know, most of the bitcoin currently held by the U.S. government was obtained through law enforcement action — you know that, they took it from you. 'Let's take that guy's life, let's take his family, his house, his bitcoin — we'll turn it into bitcoin.' It's been taken away from you because that's where we're going now. That's where this country is going. It's a fascist regime."

In a speech which lasted for over an hour, the 78-year-old former president also criticized his political opponents, touching on topics like inflation, immigration, and his promise to "drill, baby, drill."

But Trump closed by thanking the 3,000 attendees, telling them to "have a good time with your bitcoin, and your crypto and everything else that you're playing with. And we're going to make that one of the greatest industries on earth."

AI

Video Game Performers Will Go On Strike Over AI Concerns (apnews.com) 53

An anonymous reader quotes a report from the Associated Press: Hollywood's video game performers voted to go on strike Thursday, throwing part of the entertainment industry into another work stoppage after talks for a new contract with major game studios broke down over artificial intelligence protections. The strike -- the second for video game voice actors and motion capture performers under the Screen Actors Guild-American Federation of Television and Radio Artists -- will begin at 12:01 a.m. Friday. The move comes after nearly two years of negotiations with gaming giants, including divisions of Activision, Warner Bros. and Walt Disney Co., over a new interactive media agreement.

SAG-AFTRA negotiators say gains have been made over wages and job safety in the video game contract, but that the studios will not make a deal over the regulation of generative AI. Without guardrails, game companies could train AI to replicate an actor's voice, or create a digital replica of their likeness without consent or fair compensation, the union said. Fran Drescher, the union's president, said in a prepared statement that members would not approve a contract that would allow companies to "abuse AI." "Enough is enough. When these companies get serious about offering an agreement our members can live -- and work -- with, we will be here, ready to negotiate," Drescher said. [...]

The last interactive contract, which expired November 2022, did not provide protections around AI but secured a bonus compensation structure for voice actors and performance capture artists after an 11-month strike that began October 2016. That work stoppage marked the first major labor action from SAG-AFTRA following the merger of Hollywood's two largest actors unions in 2012. The video game agreement covers more than 2,500 "off-camera (voiceover) performers, on-camera (motion capture, stunt) performers, stunt coordinators, singers, dancers, puppeteers, and background performers," according to the union. Amid the tense interactive negotiations, SAG-AFTRA created a separate contract in February that covered indie and lower-budget video game projects. The tiered-budget independent interactive media agreement contains some of the protections on AI that video game industry titans have rejected.
"Eighteen months of negotiations have shown us that our employers are not interested in fair, reasonable AI protections, but rather flagrant exploitation," said Interactive Media Agreement Negotiating Committee Chair Sarah Elmaleh. The studios have not commented.
Businesses

Malaysia Asks Microsoft, CrowdStrike To Consider Covering Losses From Global Outage (channelnewsasia.com) 93

Malaysia's digital minister said today he has asked global tech firms Microsoft and CrowdStrike to consider compensating companies that suffered losses during last week's global tech outage. From a report: Five government agencies and nine companies operating in aviation, banking and healthcare were among those affected in Malaysia, minister Gobind Singh Deo told reporters. "If there are any damages or losses, where there have been any parties that have made such claims, I've asked them to consider those claims and see to what extent they are able to help resolve the issue," Gobind said, adding that the government would also assist on the claims where possible. The total amount of losses incurred has not yet been determined, he said. The outage will cost Fortune 500 companies $5.4 billion, according to estimates from insurers. The projected financial losses exclude Microsoft.
The Almighty Buck

Digital Tax Talks In G20 Spotlight As US Tariff Threat Looms (reuters.com) 39

Negotiations on a global tax deal have extended beyond the June 30 deadline, with countries now looking to the G20 finance leaders meeting for progress. "The stakes in the negotiations are high," reports Reuters. "A failure to reach agreement on final terms could prompt several countries to reinstate their taxes on U.S. tech giants and risk punitive duties on billions of dollars in exports to the U.S." Some countries, like Canada, have already implemented their own digital services tax. Reuters reports: The so-called "Pillar 1" arrangement, part of a 2021 global two-part tax deal, aims to replace unilateral digital services taxes (DSTs) on U.S. tech giants including Alphabet's Google, Amazon.com and Apple through a new mechanism to share taxing rights on a broader, global group of companies. Standstill agreements under which Washington has suspended threatened trade retaliation against seven countries -- Austria, Britain, France, India, Italy, Spain and Turkey -- expired on June 30, but the U.S. has not taken steps to impose tariffs.

Discussions on the matter are continuing. An Italian government source said that European countries were seeking assurances that the U.S. tariffs on some $2 billion worth of annual imports from French Champagne to Italian handbags and optical lenses remained frozen while the talks continue, including at the G20 meeting in Rio de Janeiro. A European Union document prepared for the G20 meeting lists finalizing the international tax deal as a "top priority." It said the G20 should urge countries and jurisdictions participating in the tax deal "to finalize discussions on all aspects of Pillar 1, with a view to signing the Multilateral Convention (MLC) by summer end and ratifying it as soon as possible."
"Treasury continues to oppose all tax measures that discriminate against U.S. businesses," a U.S. Treasury spokesperson said in response to Canada's move. "We encourage all countries to finalize the work on the Pillar 1 agreement. We are in active discussions on next steps related to the existing DST joint statements."
Businesses

Indie Game Publisher Humble Games Reportedly Lays Off All Staff (gamespot.com) 31

Humble Games, the indie game publisher behind the popular pay-what-you-want "Humble Game Bundle," has laid off its entire staff of 36 people. However, the company says it is not shutting down and Humble Bundle will not be impacted. Instead, the job cuts are part of a restructuring of operations. GameSpot reports: In a statement shared with GameSpot, Humble Games confirmed that Humble Bundle will have "no impact on its operations." Additionally, ongoing and upcoming games from Humble Games will still move ahead and be published by the company. Humble Games is the publisher of many notable indie games, including Stray Gods, Bo: Path of the Teal Lotus, Chinatown Detective Agency, Ikenfell, Unpacking, Slay the Spire, and Midnight Fight Express, just to name a few.

Humble Games is the separate publishing arm of digital storefront Humble Bundle. Both companies are owned by IGN Entertainment, but operate as separate entities. Earlier this year, IGN Entertainment also bought video game websites Eurogamer, Rock Paper Shotgun, VG247, GamesIndustry.biz, and Dicebreaker from Gamer Network.

Open Source

Switzerland Now Requires All Government Software To Be Open Source (zdnet.com) 60

Switzerland has enacted the "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG), mandating open-source software (OSS) in the public sector to enhance transparency, security, and efficiency. "This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it," writes ZDNet's Steven Vaughan-Nichols. "This 'public money, public code' approach aims to enhance government operations' transparency, security, and efficiency." From the report: Making this move wasn't easy. It began in 2011 when the Swiss Federal Supreme Court published its court application, Open Justitia, under an OSS license. The proprietary legal software company Weblaw wasn't happy about this. There were heated political and legal fights for more than a decade. Finally, the EMBAG was passed in 2023. Now, the law not only allows the release of OSS by the Swiss government or its contractors, but also requires the code to be released under an open-source license "unless the rights of third parties or security-related reasons would exclude or restrict this."

Professor Dr. Matthias Sturmer, head of the Institute for Public Sector Transformation at the Bern University of Applied Sciences, led the fight for this law. He hailed it as "a great opportunity for government, the IT industry, and society." Sturmer believes everyone will benefit from this regulation, as it reduces vendor lock-in for the public sector, allows companies to expand their digital business solutions, and potentially leads to reduced IT costs and improved services for taxpayers.

In addition to mandating OSS, the EMBAG also requires the release of non-personal and non-security-sensitive government data as Open Government Data (OGD). This dual "open by default" approach marks a significant paradigm shift towards greater openness and practical reuse of software and data. Implementing the EMBAG is expected to serve as a model for other countries considering similar measures. It aims to promote digital sovereignty and encourage innovation and collaboration within the public sector. The Swiss Federal Statistical Office (BFS) is leading the law's implementation, but the organizational and financial aspects of the OSS releases still need to be clarified.

Japan

Japan's Copyright Rules Draw AI Groups -- and Alarm From Creators 24

The Japan Newspaper Publishers and Editors Association claims that AI-powered search engines by U.S. tech giants like Google and Microsoft likely infringe on copyright by using news articles without permission. Therefore, they're urging the Japanese government to quickly review and revise intellectual property laws to address these issues. Kyodo News reports (translated in English): The association argued in the statement that while traditional search engines direct users to various copyrighted material available online, AI search engines disclose the content, making them a completely different type of service. While stressing that in many instances, the essential content of the referenced article is reprinted in its entirety and therefore constitutes copyright infringement, the association also highlighted the issue of "zero-click searches," where users do not visit the source site. It warned that the lack of traffic could lead to the diminution of news organizations' reporting activities, which would then have a negative impact on democracy and culture.

The statement also expressed concern over potential inaccuracies in responses generated by AI search engines, which could give the impression that the source articles themselves were erroneous and damage the credibility of news organizations. The association added that providing AI search engine services without obtaining permission to use the source articles could violate the antimonopoly law.
"There are many reasons AI companies are attracted to Japan, including the need for its companies to rapidly develop their digital capabilities and the country's declining population, which is very open to AI," said Yutaka Matsuo, a professor at Tokyo University and chair of the government's AI council, in a statement to the Financial Times. "One other attraction is that AI companies are permitted to learn from information without infringing copyright laws," he added.

The Financial Times says the push to bring AI companies to Japan has raised alarm for some content creators who worry their work isn't being protected. "As it relates to generative AI, Japan's existing Copyright Act does not contribute to protecting creators. In fact, it is focused on restricting the rights of creators," the Japanese Society for Rights of Authors, Composers and Publishers said in a statement.

Facebook

Meta Risks Sanctions Over 'Sneaky' Ad-Free Plans Confusing Users, EU Says (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: The European Commission (EC) has finally taken action to block Meta's heavily criticized plan to charge a subscription fee to users who value privacy on its platforms. Surprisingly, this step wasn't taken under laws like the Digital Services Act (DSA), the Digital Markets Act (DMA), or the General Data Protection Regulation (GDPR). Instead, the EC announced Monday that Meta risked sanctions under EU consumer laws if it could not resolve key concerns about Meta's so-called "pay or consent" model. Meta's model is seemingly problematic, the commission said, because Meta "requested consumers overnight to either subscribe to use Facebook and Instagram against a fee or to consent to Meta's use of their personal data to be shown personalized ads, allowing Meta to make revenue out of it." Because users were given such short notice, they may have been "exposed to undue pressure to choose rapidly between the two models, fearing that they would instantly lose access to their accounts and their network of contacts," the EC said. To protect consumers, the EC joined national consumer protection authorities, sending a letter to Meta requiring the tech giant to propose solutions to resolve the commission's biggest concerns by September 1.

That Meta's "pay or consent" model may be "misleading" is a top concern because it uses the term "free" for ad-based plans, even though Meta "can make revenue from using their personal data to show them personalized ads." It seems that while Meta does not consider giving away personal information to be a cost to users, the EC's commissioner for justice, Didier Reynders, apparently does. "Consumers must not be lured into believing that they would either pay and not be shown any ads anymore, or receive a service for free, when, instead, they would agree that the company used their personal data to make revenue with ads," Reynders said. "EU consumer protection law is clear in this respect. Traders must inform consumers upfront and in a fully transparent manner on how they use their personal data. This is a fundamental right that we will protect." Additionally, the EC is concerned that Meta users might be confused about how "to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalized ads." They may also find Meta's "imprecise terms and language" confusing, such as Meta referring to "your info" instead of clearly referring to consumers' "personal data."
A Meta spokesperson said in a statement: "Subscriptions as an alternative to advertising are a well-established business model across many industries. Subscription for no ads follows the direction of the highest court in Europe and we are confident it complies with European regulation."
