Oregon’s new Right to Repair bill targets anti-repair practices

Oregon is set to become the latest state to pass a Right to Repair law. The Oregon House of Representatives passed the Right to Repair Act (SB 1596) on March 4, two weeks after it advanced from the Senate. It now heads to the desk of Governor Tina Kotek, who has five days to sign it.

California, Minnesota and New York have similar legislation, but Nathan Proctor, the Public Interest Research Group's Right to Repair Campaign senior director, calls Oregon's legislation "the best bill yet." (It's worth noting that Colorado also has its own Right to Repair legislation that has a different remit around agricultural equipment rather than around consumer electronics.)

If made into law, Oregon's Right To Repair Act would be the first to ban "parts pairing," a practice that prevents individuals from swapping out a piece for another, theoretically equivalent one. For example, a person might replace their iPhone battery with an identical one from the same model, but they'll likely receive an error message that it either can't be verified or used. The system forces people to buy the part directly from the manufacturer, and they can only activate it with the manufacturer's consent — otherwise users will have to buy an entirely new device altogether. Under the new bill, manufacturers would instead be prohibited from doing the following:

  • Prevent or inhibit an independent repair provider or an owner from installing or enabling the function of an otherwise functional replacement part or a component of consumer electronic equipment, including a replacement part or a component that the original equipment manufacturer has not approved.

  • Reduce the functionality or performance of consumer electronic equipment.

  • Cause consumer electronic equipment to display misleading alerts or warnings, which the owner cannot immediately dismiss, about unidentified parts.

Along with restricting parts pairing, the act dictates that manufacturers must make compatible parts available to device owners through the company or an authorized service provider for the most favorable price and without any "substantial" conditions.

The parts pairing ban applies to any devices first built or sold in Oregon starting in 2025. However, the law backdates general coverage of electronics to 2015, except for cell phones. Oregon's mobile devices purchased starting July 2021 count — a stipulation in line with California's and Minnesota's Right to Repair bills.

This article originally appeared on Engadget at https://www.engadget.com/oregons-new-right-to-repair-bill-targets-anti-repair-practices-143001457.html?src=rss

The US will investigate cars built in China over security concerns

The White House has announced an investigation into cars built in China and other unnamed "countries of concern." The Biden administration notes that cars are "constantly connecting" with drivers' phones, other vehicles, American infrastructure and their manufacturers, and that newer models use tech such as driver assist systems.

"Connected vehicles collect large amounts of sensitive data on their drivers and passengers; regularly use their cameras and sensors to record detailed information on US infrastructure; interact directly with critical infrastructure; and can be piloted or disabled remotely," the White House said in a statement. Officials are concerned that "new vulnerabilities and threats" could arise from connected vehicles if foreign governments are able to access data from them. They are especially wary that said countries of concern could use such information in ways that put national security at risk.

The Department of Commerce will lead the investigation. "We need to understand the extent of the technology in these cars that can capture wide swaths of data or remotely disable or manipulate connected vehicles, so we are soliciting information to determine whether to take action under our ICTS [information and communications technology and services] authorities," Commerce Secretary Gina Raimondo said.

Through its advance notice of proposed rulemaking [PDF], the agency is looking for feedback from the public to help determine "the technologies and market participants that may be most appropriate for regulation." The investigation will help the Commerce Department decide whether to take action. It's the first time that the agency's Bureau of Industry and Security is carrying out an investigation under Trump-era Executive Orders "focused on protecting domestic information and communications technology and services supply chains from national security threats," the White House said.

"China is determined to dominate the future of the auto market, including by using unfair practices. China’s policies could flood our market with its vehicles, posing risks to our national security. I’m not going to let that happen on my watch," President Joe Biden said. "Connected vehicles from China could collect sensitive data about our citizens and our infrastructure and send this data back to the People’s Republic of China. These vehicles could be remotely accessed or disabled."

As The Washington Post points out, cars built in China aren't especially common on US roads as yet, but they're becoming an increasingly familiar sight in other markets, such as Europe. While many of the vehicles that are causing concerns are EVs, it's cars' cameras, sensors and software that are the focus of the probe.

It's not the first time that the US has investigated Chinese companies over concerns that they pose security risks to the country's infrastructure. A few years ago, it banned the import and sale of telecom networking equipment made by Huawei and ZTE (after stopping government employees from using the companies' phones). The government also required telecoms to remove and replace Huawei and ZTE gear in existing infrastructure at great expense.

This article originally appeared on Engadget at https://www.engadget.com/the-us-will-investigate-cars-built-in-china-over-security-concerns-155037465.html?src=rss

UK government wants to use AI to cut civil service jobs

The two primary fears around AI are that the information these systems produce is gibberish, and that it'll unjustly take jobs away from people who won't make such sloppy mistakes. But the UK's current government is actively promoting the use of AI to do the work normally done by civil servants, including drafting responses to parliamentary inquiries, the Financial Times reports.

UK Deputy Prime Minister Oliver Dowden is set to unveil a "red box" tool that can allegedly absorb and summarize information from reputable sources, like the parliamentary record. A separate instrument is also being trialed that should work similarly but with individual responses to public consultations. While it's unclear how quickly the AI tool can perform this work, Dowden claims it takes three months with 25 civil servants. However, the drafts would allegedly always be double-checked by a human and include sourcing. 

The Telegraph quoted Dowden arguing that implementing AI technology is critical to cutting civil service jobs — something he wants to do. "It really is the only way, I think, if we want to get on a sustainable path to headcount reduction. Remember how much the size of the Civil Service has grown as a result of the pandemic and, and EU exit preparedness. We need to really embrace this stuff to drive the numbers down." Dowden's statement aligns with hopes from his boss, Prime Minister Rishi Sunak, to use technology to increase government productivity — shockingly, neither person has offered to save money by giving AI their job. 

Dowden does show some restraint against having AI do everything. In a pre-speech briefing, he noted that the government wouldn't use AI for any "novel or contentious or highly politically sensitive areas." At the same time, the Cabinet Office's AI division is set to grow from 30 to 70 employees and to get a new budget of £110 million ($139.1 million), up from £5 million ($6.3 million).

This article originally appeared on Engadget at https://www.engadget.com/uk-government-wants-to-use-ai-to-cut-civil-service-jobs-140031159.html?src=rss

Court orders Elon Musk to testify in the SEC’s investigation of his Twitter takeover

In a follow-up to a tentative ruling made in December, a federal judge has ordered Elon Musk to comply with the U.S. Securities and Exchange Commission's (SEC) subpoena and testify again in its probe of his Twitter takeover, Reuters reports. Per the order, which was filed Saturday night in a California court, Musk and the SEC now have a week to work out a time and place for his appearance or it will be decided for them. The SEC has been investigating Musk’s purchase of Twitter, now X, since 2022 over concerns about his lateness in disclosing his stake in Twitter.

The order comes after Musk failed to appear for testimony in September and later refused to attend a rescheduled interview, prompting the SEC to sue. US Magistrate Judge Laurel Beeler sided with the SEC after Musk tried to challenge its subpoena, which he claims is seeking irrelevant information and is harassment, as he’s already been interviewed twice. But the SEC says it has obtained new documents in relation to the probe and has further questions for the X owner. Musk also argued that the subpoena exceeds the SEC’s authority because it was issued by a staff member appointed by the SEC’s Director of Enforcement. Beeler struck these arguments down, ruling that the subpoena is valid.

This article originally appeared on Engadget at https://www.engadget.com/court-orders-elon-musk-to-testify-in-the-secs-investigation-of-his-twitter-takeover-193303461.html?src=rss

NASA’s Jet Propulsion Laboratory is laying off 570 workers

Even NASA is not immune to layoffs. The agency says it's cutting around 530 employees from its Jet Propulsion Laboratory (JPL) in California amid budget uncertainty. That's eight percent of the facility's workforce. JPL is laying off about 40 contractors too, just weeks after imposing a hiring freeze and canning 100 other contractors. Workers are being informed of their fates today.

"After exhausting all other measures to adjust to a lower budget from NASA, and in the absence of an FY24 appropriation from Congress, we have had to make the difficult decision to reduce the JPL workforce through layoffs," NASA said in a statement spotted by Gizmodo. "The impacts will occur across both technical and support areas of the Lab. These are painful but necessary adjustments that will enable us to adhere to our budget allocation while continuing our important work for NASA and our nation."

Uncertainty over the final budget that Congress will allocate to NASA for 2024 has been a major factor in the cuts. It's expected that the agency will receive around $300 million for Mars Sample Return (MSR), an ambitious mission in which NASA plans to launch a lander and orbiter to the red planet in 2028 and bring back soil. In its 2024 budget proposal, NASA requested just under $950 million for the project.

“While we still do not have an FY24 appropriation or the final word from Congress on our Mars Sample Return (MSR) budget allocation, we are now in a position where we must take further significant action to reduce our spending,” JPL Director Laurie Leshin wrote in a memo. "In the absence of an appropriation, and as much as we wish we didn’t need to take this action, we must now move forward to protect against even deeper cuts later were we to wait."

NASA has yet to provide a full cost estimate for MSR, though an independent report pegged the price at between $8 billion and $11 billion. In its proposed 2024 budget, the Senate Appropriations subcommittee ordered NASA to submit a year-by-year funding plan for MSR. If the agency does not do so, the subcommittee warned that the mission could be canceled.

That's despite MSR having enjoyed success so far. The Perseverance rover has dug up some soil samples that contain evidence of organic matter and would warrant closer analysis were NASA able to bring them back to Earth. The samples could help scientists learn more about Mars, such as whether the planet ever hosted life.

This article originally appeared on Engadget at https://www.engadget.com/nasas-jet-propulsion-laboratory-is-laying-off-570-workers-185336632.html?src=rss

Microsoft’s legal department allegedly silenced an engineer who raised concerns about DALL-E 3

A Microsoft manager claims OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (similar to those that recently targeted Taylor Swift). GeekWire reported Tuesday the company’s legal team blocked Microsoft engineering leader Shane Jones’ attempts to alert the public about the exploit. The self-described whistleblower is now taking his message to Capitol Hill.

“I reached the conclusion that DALL·E 3 posed a public safety risk and should be removed from public use until OpenAI could address the risks associated with this model,” Jones wrote to US Senators Patty Murray (D-WA) and Maria Cantwell (D-WA), Rep. Adam Smith (D-WA 9th District), and Washington state Attorney General Bob Ferguson (D). GeekWire published Jones’ full letter.

Jones claims he discovered an exploit allowing him to bypass DALL-E 3’s security guardrails in early December. He says he reported the issue to his superiors at Microsoft, who instructed him to “personally report the issue directly to OpenAI.” After doing so, he claims he learned that the flaw could allow the generation of “violent and disturbing harmful images.”

Jones then attempted to take his cause public in a LinkedIn post. “On the morning of December 14, 2023 I publicly published a letter on LinkedIn to OpenAI’s non-profit board of directors urging them to suspend the availability of DALL·E 3,” Jones wrote. “Because Microsoft is a board observer at OpenAI and I had previously shared my concerns with my leadership team, I promptly made Microsoft aware of the letter I had posted.”

[Image: A sample image (a storm in a teacup) generated by DALL-E 3. Credit: OpenAI]

Microsoft’s response was allegedly to demand he remove his post. “Shortly after disclosing the letter to my leadership team, my manager contacted me and told me that Microsoft’s legal department had demanded that I delete the post,” he wrote in his letter. “He told me that Microsoft’s legal department would follow up with their specific justification for the takedown request via email very soon, and that I needed to delete it immediately without waiting for the email from legal.”

Jones complied, but he says the more fine-grained response from Microsoft’s legal team never arrived. “I never received an explanation or justification from them,” he wrote. He says further attempts to learn more from the company’s legal department were ignored. “Microsoft’s legal department has still not responded or communicated directly with me,” he wrote.

An OpenAI spokesperson wrote to Engadget in an email, “We immediately investigated the Microsoft employee’s report when we received it on December 1 and confirmed that the technique he shared does not bypass our safety systems. Safety is our priority and we take a multi-pronged approach. In the underlying DALL-E 3 model, we’ve worked to filter the most explicit content from its training data including graphic sexual and violent content, and have developed robust image classifiers that steer the model away from generating harmful images.

“We’ve also implemented additional safeguards for our products, ChatGPT and the DALL-E API – including declining requests that ask for a public figure by name,” the OpenAI spokesperson continued. “We identify and refuse messages that violate our policies and filter all generated images before they are shown to the user. We use external expert red teaming to test for misuse and strengthen our safeguards.”

Meanwhile, a Microsoft spokesperson wrote to Engadget, “We are committed to addressing any and all concerns employees have in accordance with our company policies, and appreciate the employee’s effort in studying and testing our latest technology to further enhance its safety. When it comes to safety bypasses or concerns that could have a potential impact on our services or our partners, we have established robust internal reporting channels to properly investigate and remediate any issues, which we recommended that the employee utilize so we could appropriately validate and test his concerns before escalating it publicly.”

“Since his report concerned an OpenAI product, we encouraged him to report through OpenAI’s standard reporting channels and one of our senior product leaders shared the employee’s feedback with OpenAI, who investigated the matter right away,” wrote the Microsoft spokesperson. “At the same time, our teams investigated and confirmed that the techniques reported did not bypass our safety filters in any of our AI-powered image generation solutions. Employee feedback is a critical part of our culture, and we are connecting with this colleague to address any remaining concerns he may have.”

Microsoft added that its Office of Responsible AI has established an internal reporting tool for employees to report and escalate concerns about AI models.

The whistleblower says the pornographic deepfakes of Taylor Swift that circulated on X last week are one illustration of what similar vulnerabilities could produce if left unchecked. 404 Media reported Monday that Microsoft Designer, which uses DALL-E 3 as a backend, was part of the deepfakers’ toolset that made the video. The publication claims Microsoft, after being notified, patched that particular loophole.

“Microsoft was aware of these vulnerabilities and the potential for abuse,” Jones concluded. It isn’t clear if the exploits used to make the Swift deepfake were directly related to those Jones reported in December.

Jones urges his representatives in Washington, DC, to take action. He suggests the US government create a system for reporting and tracking specific AI vulnerabilities — while protecting employees like him who speak out. “We need to hold companies accountable for the safety of their products and their responsibility to disclose known risks to the public,” he wrote. “Concerned employees, like myself, should not be intimidated into staying silent.”

Update, January 30, 2024, 8:41 PM ET: This story has been updated to add statements to Engadget from OpenAI and Microsoft.

This article originally appeared on Engadget at https://www.engadget.com/microsofts-legal-department-allegedly-silenced-an-engineer-who-raised-concerns-about-dall-e-3-215953212.html?src=rss

NSA admits to buying Americans’ web browsing data from brokers without warrants

The National Security Agency’s director has confirmed that the agency buys Americans’ web browsing data from brokers without first obtaining warrants. Senator Ron Wyden (D-OR) blocked the appointment of the NSA’s inbound director Timothy Haugh until the agency answered his questions regarding its collection of Americans’ location and Internet data. Wyden said he’d been trying for three years to “publicly release the fact that the NSA is purchasing Americans’ internet records.”

In a letter dated December 11, current NSA Director Paul Nakasone confirmed to Wyden that the agency does make such purchases from brokers. "NSA acquires various types of [commercially available information] for foreign intelligence, cybersecurity, and other authorized mission purposes, to include enhancing its signals intelligence (SIGINT) and cybersecurity missions," Nakasone wrote. "This may include information associated with electronic devices being used outside and, in certain cases, inside the United States."

Nakasone went on to claim that the NSA "does not buy and use location data collected from phones known to be used in the United States either with or without a court order. Similarly, NSA does not buy and use location data collected from automobile telematics systems from vehicles known to be located in the United States."

An NSA spokesperson told Reuters that the agency uses such data sparingly but that it has notable value for national security and cybersecurity purposes. "At all stages, NSA takes steps to minimize the collection of US [personal] information, to include application of technical filters," the spokesperson said.

Wyden has called the practice unlawful. "Such records can identify Americans who are seeking help from a suicide hotline or a hotline for survivors of sexual assault or domestic abuse," he said.

The senator urged Director of National Intelligence Avril Haines to order US intelligence agencies to stop buying Americans’ private data without consent. He also asked Haines to direct intelligence agencies to "conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata." Wyden said that any data that does not comply with Federal Trade Commission standards regarding personal data sales should be deleted.

Wyden pointed to an FTC settlement that this month banned a data broker from selling location data. The agency alleged that the information, which it claimed was sold to buyers including government contractors, "could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters."

The FTC stated in its complaint against the broker, formerly known as X-Mode Social, that by "failing to fully inform consumers how their data would be used and that their data would be provided to government contractors for national security purposes, X-Mode failed to provide information material to consumers and did not obtain informed consent from consumers to collect and use their location data."

The settlement was the first of its kind with a data broker. In a statement, Wyden, who has been investigating the data broker industry for several years, said he was "not aware of any company that provides such a warning to users [regarding their consent] before collecting their data."

The issue of US federal agencies buying phone location data isn't exactly new. In 2020, it emerged that Customs and Border Protection had been doing so. The following year, Wyden claimed the Defense Intelligence Agency and the Pentagon bought and used location data from Americans’ phones.

This article originally appeared on Engadget at https://www.engadget.com/nsa-admits-to-buying-americans-web-browsing-data-from-brokers-without-warrants-154904461.html?src=rss