
US House passes bill to boost chip manufacturing and R&D – The Register

On Friday the US House of Representatives passed a bill to equip America to boost semiconductor production and lift its economy to better compete with China.

The bill, called the America Competes Act of 2022, includes $52bn in funding to help semiconductor companies build new factories, and to fund research and development.

The draft legislation also earmarks $45bn in funding to boost the supply chain and alleviate problems related to chip shortages, which have hit key sectors, such as consumer electronics and automotive.

The next step is reconciliation with the US Senate's version of the bill, the US Innovation and Competition Act, which passed last June, before final passage.

In a statement on Friday, US President Joe Biden said, "I look forward to the House and Senate quickly coming together to find a path forward and putting a bill on my desk as soon as possible for my signature. America can't afford to wait."

Biden had been urging the House to pass the bill, last week saying that it will bring manufacturing jobs back to the US, ease semiconductor supply chain bottlenecks, and "create good-paying jobs for all Americans."

But the House passage of the America Competes Act was a one-sided affair with the vote split 222-210 along party lines, with support from Democrats, and Republicans opposing it.

Chip makers, especially Intel and Samsung, have been vocal about quick passage and reconciliation of the House and Senate bills. Both companies are building new factories (Intel is spending $20bn for fabs in Ohio, and Samsung $17bn in Texas) and see the semiconductor funding as incentivizing their investments.

In a tweet on Friday, Intel CEO Pat Gelsinger lauded progression of the act. In an earnings call last week, Gelsinger said he had spoken at length on the topic with House Speaker Nancy Pelosi (D-CA) ahead of the floor debate, adding, "I'd say everybody is now more optimistic on this coming across the line in the near future."

In a tweet on Friday, Pelosi said the act "helps to address supply chain disruptions while creating good-paying union jobs for American families with $52bn in investments in facilities and equipment to produce American-made semiconductor chips."

House Minority Leader Kevin McCarthy (R-CA) earlier this week criticized the bill as not being tough enough on China, bringing up that the Middle Kingdom was where COVID-19 originated, and that throwing billions of dollars at the chip world would negatively impact the US economy and further raise prices of products.

But the semiconductor industry is happy.

"We urge leaders in the House and Senate to work together promptly on a bipartisan, bicameral competitiveness bill ... that can be passed by both chambers and signed into law by the president. Getting this legislation across the finish line will help strengthen US chip production and innovation for many years to come," said John Neuffer, president and CEO of chip consortium Semiconductor Industry Association, in a statement.

The United States today has only a 12 per cent share of the global semiconductor manufacturing capacity, decreasing from 37 per cent in 1990, largely due to substantial government incentives, according to SIA. US investment in semiconductor research has been flat as a share of GDP, while other countries have boosted research initiatives to strengthen semiconductor capabilities.

"The bill ensures access of grants for equipment and materials suppliers, which will strengthen the semiconductor supply chain in the US and attract new manufacturing facilities," said Ajit Manocha, president and CEO of SEMI, in a statement to The Register. SEMI represents semiconductor organizations worldwide.

"The bill will also bolster workforce development programs, helping to equip workers with the skills needed in today's semiconductor industry. We look forward to working with Congress and the Biden Administration to enact this funding into law," Manocha said.


Worried about occasional npm malware scares? It’s more common than you may think – The Register

Malware gets spotted in GitHub's npm registry every few months, elevating concerns about the software supply chain until attention gets diverted and worries recede until the next fire drill.

Incidents like the sudden removal of left-pad from npm in 2016 or the subversion of faker.js and colors.js last month get noticed, but much of the mischief on npm flies under the radar.

WhiteSource, a security firm based in Israel, says that in 2021, it detected 1,300 malicious npm packages. It reported them to npm, which subsequently removed the malware without fanfare.

The npm registry is an online repository for distributing code packages that provide ready-made functions to developers using JavaScript and related languages. Because npm is open to anyone, and allows code uploads without rigorous review, malicious code shows up from time to time and those overseeing the registry are then obligated to make some effort to remove the code and minimize the damage.

The potential for damage is significant because npm packages often include other packages as dependencies, so a given app may have several layers of potential attack surface. As one 2019 study [PDF] found, "Installing an average npm package introduces an implicit trust on 79 third-party packages and 39 maintainers."

The situation is similar though less extreme at package registries for other languages like the Python Package Index (PyPI), RubyGems.org, and the Comprehensive Perl Archive Network (CPAN).

The npm registry is larger than its peers, with 1.8 million packages, each of which has an average of about 12 different versions. The closest contender is Java's Maven Central, with about 457,000 packages at the moment.

WhiteSource, in a report titled "Popular Javascript Package Registry Is a Playground For Malicious Actors," summarizes what it found in the 1,300 malicious packages spotted last year by company researchers.

The npm registry receives some 17,000 new packages daily or 6.2 million over the course of a year. And while finding 1,300 bad apples among the new and the preexisting packages during that time period shows that poisoned packages are rather rare overall, there's still reason to be concerned given the consequences of being victimized.

"A worrying fact is that almost 14 per cent of all the packages detected were designed to steal sensitive information like credentials and other data present in environment variables," the WhiteSource report says.

Most of the malware detected (~82 per cent) is designed for reconnaissance, gathering information that may be useful for targeting future attacks. Just over 2 per cent of the malware was crafted for remote code execution.

The company notes that while most of the malicious packages detected have no specific target, some, like @grubhubprod/cookbook, clearly have a specific victim in mind.

"This package and a couple of similar ones were used in an attempt to get into the company, Grubhub," the report says. "The probable vector of this attack was the dependency confusion approach. Upon installation of this package, it would intercept all available environment variables data and send it to a remote location."

The company makes a number of recommendations, which largely boil down to not trusting packages blindly, paying attention to changes, and generally taking reasonable precautions. And if history is any guide, these will largely be ignored.
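
One such precaution, as an added example (not code from the WhiteSource report, npm or GitHub): audit a `package-lock.json` for packages that run scripts at install time and for internal-scope packages that were resolved from a registry other than the private one, which is how a dependency confusion substitution shows up in a lockfile. The `@acme` scope, the registry hosts, the policy object and the sample lockfile are constructed assumptions.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3, "packages" map).
// SAMPLE_LOCK is constructed: package names, the @acme scope and hosts are made up.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": {
      version: "1.2.0",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-1.2.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/native-thing": {
      version: "4.0.1",
      resolved: "https://registry.npmjs.org/native-thing/-/native-thing-4.0.1.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/@acme/cookbook": {
      version: "99.0.0",
      resolved: "https://registry.npmjs.org/@acme/cookbook/-/cookbook-99.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/@acme/ui": {
      version: "2.3.0",
      resolved: "https://npm.internal.example/@acme/ui/-/ui-2.3.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/native-thing/node_modules/tiny-dep": {
      version: "0.1.0",
      resolved: "https://registry.npmjs.org/tiny-dep/-/tiny-dep-0.1.0.tgz",
    },
  },
};

// Assumed policy: which scopes are internal and which registry host must serve them.
const POLICY = {
  internalScopes: ["@acme"],
  internalRegistryHost: "npm.internal.example",
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Host the tarball was fetched from, or null when there is no usable URL.
function resolvedHost(resolved) {
  if (typeof resolved !== "string") return null;
  try {
    return new URL(resolved).host;
  } catch {
    return null;
  }
}

function auditLockfile(lock, policy) {
  const report = { total: 0, installScripts: [], wrongRegistry: [], missingIntegrity: [] };
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project and workspace symlinks; they are not downloaded.
    if (lockPath === "" || entry.link) continue;
    const name = entry.name || packageNameFromPath(lockPath);
    const id = `${name}@${entry.version}`;
    report.total += 1;

    // Code in preinstall/install/postinstall runs with the installing user's
    // environment, which is where credentials in environment variables live.
    if (entry.hasInstallScript) report.installScripts.push(id);

    // A downloaded tarball with no integrity hash cannot be verified on reinstall.
    const host = resolvedHost(entry.resolved);
    if (host !== null && !entry.integrity) report.missingIntegrity.push(id);

    // An internal-scope package must come from the private registry; any other
    // origin (or an unknown one) is flagged for review.
    const internal = policy.internalScopes.some((s) => name.startsWith(s + "/"));
    if (internal && host !== policy.internalRegistryHost) report.wrongRegistry.push(id);
  }
  return report;
}

const REPORT = auditLockfile(SAMPLE_LOCK, POLICY);
console.log(JSON.stringify(REPORT, null, 2));
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` instead of `SAMPLE_LOCK` and set `POLICY` to your own scope and registry host.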

The npm registry, however, looks likely to avoid the risk of noncompliance by making security a requirement, at least in the context of login authentication. On Tuesday, Myles Borins, staff product manager for open source at GitHub, announced mandatory use of two-factor authentication (2FA) for the maintainers of the top 100 npm packages, as measured by dependents. Obligatory 2FA will eventually be required for all those publishing packages via npm.

GitHub is also working on implementing WebAuthn for hardware security keys; both of these initiatives make it less likely that miscreants will be able to hijack the accounts of those maintaining popular packages in order to push poisoned updates to a mass audience.

"We are committed to improving the security of the JavaScript and broader open source supply chain," explained Borins. "As we make progress on larger initiatives like WebAuth and enrolling all high-impact package maintainers in 2FA, we will continue to make smaller iterative improvements in the registry."


America’s EARN IT Act attacking Section 230 is back and once again threatening the internet, critics say – The Register

The EARN IT Act, a legislative bill intended "to encourage the tech industry to take online child sexual exploitation seriously" has been revived in the US Senate after it died in committee back in 2020.

And advocacy groups have once again decried the bill for threatening free speech and access to encryption, and for imperiling the liability protection that allows online service providers to host third-party content. In other words, the bill's reception has been much the same as it was two years ago.

US Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT) on Tuesday reintroduced the bill [PDF] claiming that online service providers are disinterested in keeping child sexual abuse material (CSAM) off their platforms.

"Tech companies have long had ready access to low-cost, or even free tools to combat the scourge of child sexual abuse material but have failed to act," said Blumenthal in a statement. "Millions of these horrifying images go unidentified and unreported by the tech platforms that host them because there are so few consequences when these companies look the other way. That ends with the EARN IT Act."

The EARN IT Act, which stands for Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, removes the liability protection afforded to internet services under Section 230 of the Communications Decency Act in the context of CSAM.

Section 230 largely protects online service providers from being held responsible for what their users do; removing protection where CSAM is involved would open service providers to costly litigation and liability for failing to police their customers.

The bill also creates a government panel responsible for developing best practices for content policing, though these would not be legally binding obligations.

The bill's backers posit that big tech firms ignore CSAM, though that's clearly not the case. Google, for example, says it made 3.4 million reports to the National Center for Exploited and Missing Children (NCMEC) during the first half of 2021 and disabled more than 129,000 accounts during this period.

Meta (Facebook) says it took action on 20.9 million instances of CSAM in Q3 2021. Social media companies do actually have an incentive to prevent ad customer product pitches from appearing next to child abuse images or the like, and they spend money to do it.

Despite such evidence, the lawmakers supporting the bill contend that exposing companies to legal liability for allowing CSAM on their services will make them even more attentive, a claim critics of the bill dispute.

"The EARN IT Act assumes that Internet companies could do more to fight CSAM, but Section 230 reduces their motivation to do so," wrote Eric Goldman, law professor at Santa Clara University, in a blog post back in 2020. "Any such assumption is unquestionably false. Internet services have always treated CSAM as toxic content."

More likely, Goldman argued, what the bill will do, if it becomes law, is either encourage overbroad censorship to reduce the chance of being sued, spur efforts to encrypt everything to prevent awareness of unlawful content, or force companies to shut down to avoid the otherwise unsupportable legal risk.

However, the possibility that the bill will prompt internet providers to censor too broadly for their own protection bodes ill for free speech.

"The EARN IT Act is one of the most poorly conceived and dangerous pieces of Internet legislation I have seen in my entire career, and that's saying a lot," said Evan Greer, director of Fight the Future, in a statement.

"This bill will make children less safe, not more safe. And in the process, it will trample human rights and online free expression, particularly for trans and queer folks."

Greer expressed frustration that Congress has chosen to waste energy on a misguided proposal while failing to actually address the issues raised by large technology platforms, like the need for a federal data privacy law, for meaningful antitrust enforcement, and for curtailing algorithmic harms like biased AI systems.

The Center for Democracy and Technology argues that the bill, despite language that tries to create a safe harbor by ruling out liability solely on the basis of the use of encryption, would still punish encryption.

"Under the new version of the bill, offering users encrypted services can be considered evidence of an intermediary's liability for these claims, even if it cannot be considered an 'independent basis' for that liability," the rights group said in a blog post.

"By dramatically expanding the risk of lawsuits intermediaries will face over user-generated content and their use of end-to-end encryption, the bill will cause intermediaries to over-remove even lawful content and disincentivize them from offering encrypted services, to the detriment of all internet users."

The Chamber of Progress, a "center-left tech industry policy coalition," pointed to the 2018 FOSTA-SESTA legislation as an example of the undesirable consequences that have arisen from meddling with Section 230.

"The last time the Senate chipped away at Section 230, the results were disastrous," said Chamber of Progress CEO Adam Kovacevich, in an emailed statement.

"The EARN It Act goes even farther, giving platforms one of two options: quit moderating content altogether, or enforce invasive content moderation with outsized impacts on LGBTQ people and other marginalized communities. As Democrats, we need to think critically about the harm this legislation could do to groups that have a long history of being excluded and overlooked."


Working in Arm’s engineering team? You’re probably happy with your pay rise – The Register

Arm has agreed a pay increase for employees following the scrapping of a wellbeing allowance last year, yet it appears that while engineers were offered an 8 per cent jump, other types of worker fared less well.

As revealed by The Register in May 2021, Arm ended its FlexPot scheme, an annual allowance granted to employees and fixed-term contract workers, a move seen by some as effectively being a pay cut.

The chip designer had also imposed an engineering hiring freeze that meant departments around the world were blocked from hiring new staff, even to fill any vacancies caused by employees leaving the firm.

The hiring freeze was expected to last until the current owners Softbank sold Arm to US chipmaker Nvidia. At the time, this was anticipated to be done and dusted by April 2022, however the sale is delayed due to regulatory concerns and doubts were recently cast over whether the transaction will even go ahead at all.

Perhaps in response to the delays, Arm CEO Simon Segars wrote to staff late last year saying he has spoken to Softbank about rewards.

"This was in the context of the demand for Arm talent and the pace at which wages are increasing, and it is also something that many of you rightly raised as an area we needed to look at," he said in the email that was seen by us.

As an extraordinary pay rise, and in advance of an Annual Pay Review in April, staff were given a salary increase for 1 January "based on wage inflation in their location, the type of work they do and the level of competition for their role in the market."

According to company insiders, Arm agreed a pay increase of 8 per cent for staff working in its engineering teams. Research teams were offered 6 per cent, and those working in IT, administration and finance got 4 per cent.

Many will regard it as only natural that Arm should reward most the engineering brains that the company depends upon for its continued success, especially during a difficult period when some might be tempted to jump ship. However, it seems that some employees at the company believe that this is a tactic which penalises lower paid employees, for whom the loss of FlexPot has had a greater impact.

"Arm engineers are relatively well paid," said a source close to the company.

Before cancellation, the FlexPot allowance stood at £4,500 per person for UK staff, and $8,500 in the US. This could be used to support an employee and their family's health and financial wellbeing in any number of ways.

In a statement, the company told us: "Arm operates in an industry where competition for talent is intense, and our people are core to our success. Arm regularly reviews employee reward and makes updates as needed to ensure that our package is competitive across locations and job types."

According to the email from Segars: "The Annual Bonus remains with the current design of 100 per cent maximum company performance, and we are tracking towards achieving this... this is the first in a series of reward updates. In addition to our usual Annual Review, Annual Bonus, Partnership Awards and Partnership Award Accelerators, there will be further updates."

Segars signed off by saying: "Arm is an incredible company with a bright future. I know it's been a tough year, but we've achieved great things together, our strategy is working, and our partners want more and more from us."

Meanwhile, the situation at Arm has now attracted the attention of union Unite's Cambridge Engineering Branch, which claims that with the UK retail price inflation (RPI) measure currently somewhere in the region of 7.1 per cent, a pay increase of just 4 per cent actually represents a real-terms pay cut for those employees that have been offered this amount.

In a Facebook posting that seems aimed at recruiting Arm staff, Unite lays out its official grievance and states that it believes all employees should have been awarded an 8 per cent uplift, taking into account the loss of the FlexPot scheme and the impact of inflation on the cost of living.

All in all, it looks like 2022 will be an interesting year for Arm. The firm may or may not be sold to GPU giant Nvidia, and if that deal falls through, it may or may not be spun out by current owner SoftBank through an IPO. On top of all this, it looks like it may have to contend with disgruntled employees.


Whistleblower claims NSO offered ‘bags of cash’ for access to US phone networks – The Register

A whistleblower's allegations about spyware maker NSO Group should be investigated by American prosecutors, US House Rep Ted Lieu (D-CA) has said.

The informant claimed senior NSO executives offered "bags of cash" to California-based telecoms security and monitoring outfit Mobileum to assist in its surveillance work, according to the Washington Post on Tuesday.

Specifically, it's alleged NSO wanted to gain, with Mobileum's help, Signaling System 7-level access to US cellular networks, a position that can be abused to determine a cellphone's location, redirect and read its incoming text messages, snoop on calls, and more. SS7 is the glue between telecommunications providers, and subverting it opens up a wealth of opportunities for spies and miscreants.

Gerry Miller, who spent over six years at Mobileum and rose to veep of network security and client solutions, claimed that in August 2017, when asked how Mobileum would get paid, NSO co-founder Omri Lavie said: "We drop bags of cash at your office."

"No business was undertaken with Mobileum," NSO said in a statement. "Mr Lavie has no recollection of using the phrase 'bags of cash', and believes he did not do so. However if those words were used, they will have been entirely in jest."

Also apparently on the call was Eran Gorev of private-equity biz Francisco Partners, which had a majority stake in NSO, before reportedly selling the biz back to the founders in 2019. Gorev offered a very similar statement.

"If such a meeting actually took place, I would absolutely never make a comment like this," he said. "If someone else made that comment, it would clearly have been made in jest and a colloquial expression or cultural misunderstanding."

Both Mobileum and NSO Group denied they had any kind of business relationship.

Miller complained about NSO's intentions to the FBI's whistleblower tip line in 2017 and, after receiving no response, he filed a more detailed report to the Dept of Justice, copying in the FCC and SEC. He also shared his report with Congressman Lieu, a Democratic member of the US House of Representatives who has a computer science degree.

"The NSO Group, which sells phone hacking software, tried to gain access to cellular networks by offering 'bags of cash', according to a whistleblower," Lieu tweeted Tuesday, adding that he has asked US prosecutors to look into the claims.

"I made a criminal referral to the Justice Dept," he noted. Lieu also said "no one's phone is safe," due to the insecurities of the SS7 protocol.

It's certainly not a good time for NSO. In November, the US Department of Commerce put the Israeli software maker on Uncle Sam's Entity List, making it all but impossible for the outfit to legally do business with American companies, following revelations that its Pegasus spyware was being used to snoop on people. Legislators are calling for further sanctions against the surveillance company as well.

Meanwhile, weeks after the Dept of Commerce took action, Apple sued what it called the "amoral 21st century mercenaries" at NSO for infecting iPhones and breaking Cupertino's terms and conditions. A similar lawsuit from Meta over WhatsApp hacking is also going through the courts.

"Mobileum does not have - and has never had - any business relationship with NSO Group," a Mobileum spokesperson told The Register.

"Mobileum does not have any direct access to the customers' network and is unable to provide any kind of access, including SS7 access, to any third party. Mobileum's products work towards the benefit of the operator, and not to their or their subscribers' detriment."


The Hidden Failure of the World’s Biggest Privacy Law – Gizmodo

This week, European authorities struck a massive blow to the digital data-mining industrial complex with a new ruling stating that, quite simply, most of those annoying cookie alert banners that sites were forced to onboard en masse after GDPR was passed haven't... actually been compliant with GDPR. Sorry.

The ruling, announced on Wednesday by Belgium's Data Protection Authority, comes at the tail-end of a years-long investigation into one of the biggest advertising trade groups in the EU, Interactive Advertising Bureau Europe (or IAB Europe, for short). In 2019, about a year after GDPR rolled out, the Data Protection Authority reports it started getting a stream of complaints against the IAB for breaching various provisions of the GDPR and countless people's privacy with the technical standards it created to govern those consent pop-ups.

Now, three years later, it looks like those tips were right; the Authority fined IAB Europe $280,000, ordered the group to appoint a data protection officer, and gave a two-month deadline to get its tech into compliance. Any data that the group collected from this illicit tech also needs to be deleted.

The ruling is great news for privacy buffs that have been calling out those ugly, oftentimes downright manipulative cookie pop-ups from the get-go, but it's also not necessarily a surprise. In an apparent attempt to get ahead of the bad press, IAB Europe issued a statement last November that the upcoming ruling would apparently identify infringements of the GDPR by IAB Europe, but that those infringements would be fixable, and those cookie consent banners would keep on chugging within months of the Belgium ruling.

But that statement came in 2021. For those who work on the so-called sell-side of the digital ad industry (tech operators who work hand-in-hand with digital media outlets and other sites across the web), this decision was inevitable. I spoke with three of these industry experts, all of whom asked to not be cited by name for fear of professional retribution thanks to the sway IAB holds over the industry.

While the ruling showed that GDPR is very much still in effect, it doesn't do a lot to explain how blatant some of these infringements were, or how loudly critics inside the industry had been raising red flags. Simply put, when the GDPR asked the adtech industry to get consent from users before tracking them, the IAB responded with a set of guidelines with loopholes large enough that data could still get through, anyway, without consent. And now that these practices are out in the public, nobody seems sure how to make them stop.

But to really explain how IAB Europe fell afoul of GDPR is complicated, even by adtech's already impossibly confusing standards. So instead, I'm going to explain it using an analogy that pretty much everyone can understand: a bad date.

I know it sounds wild to compare a sweeping piece of European tech legislation to someone's nightmare Tinder experience, but both are centered around the same thing: consent. That's why regulatory types will often champion GDPR as the gold standard of privacy laws; while laws like CPRA in the U.S. allow people to claw back their data from the companies after they've mined it, the California law doesn't change the fact that this mining happened in the first place, regardless of whether users wanted it to happen or not. GDPR, on the other hand, mandates that sites obtain users' consent to track them before that tracking happens, the same way a decent date would (hopefully) ask to make out before slobbering all over you at the bar.

On paper, consent is just an agreement between two people (or a person and a website). But your Tinder date might have different thoughts about what an agreement means than you do. If they ask to do some slobbering and you brush it off with a laugh, they might take that lack of no as a yes. They might also ply you with drinks or intimidate you into getting out the yes they're looking for, which is (and I can't stress this enough) not consent. And even if you can't articulate what consent looks like in the moment, you probably know in your gut what it feels like: Consent is a yes that's unambiguous and freely given.

That's exactly how GDPR defines the term, too. In order for a site to track you, Article 4 of the regulation notes that it needs to obtain a "freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." And no pre-ticking consent boxes, either, buster.

But that little tick is, quite literally, just a tiny pile of snow at the top of a massive iceberg. On every page you're visiting, there could be a few, or dozens, or even hundreds of tiny tech companies working together to turn whatever data gets exposed through the webpage you're visiting into some kind of targeted ad. By the time that annoying ad for some ugly t-shirt pops up on a blog you're reading, there have already been countless algorithmic bidding wars on that ad space (the spot on the page where an ad appears) that are each their own Olympic feats of Big Tech gymnastics. If this all wasn't so invasive and upsetting, it would almost be kind of impressive.

Figure: This is just a basic setup. Some sites can have dozens, or even hundreds, of players plugged in at a time. Graphic: ad-exchange.fr (Getty Images)

In other words, the way web tracking works isnt really like a single guy being a sleaze at the bar; its more like a conga line of sleazes. And in order to get your consent, this Tinder guy (lets call him Devin) that you just met is being legally required to go with you down the row and, one by one, consent to smooching up on each of these other guys before a single smooch could ever happen.

You might be thinking, Geez, if I was the Devin in this scenario, Id just give up on getting consent for all my weird friends, and just try to be sleazy on someone with lower standards. And youre not alone! In the leadup to GDPR going into effect, countless recipe blogs, news outlets, and just regular-old personal blogs looked at this seemingly impossible standard EU regulators were now mandating from them and just... panicked. Who could blame them?

The thing that almost every publisher was worried about was that they were going to do all this work and get hit by regulators anyway, said one adtech engineer who also asked to remain anonymous out of fear of retribution from the IAB. The language of the law didnt get clear about how the technical method was supposed to work, what you could or couldnt block off, what level of ID you were allowed to ask a user for, etc.

Rather than try to parse a law that was, as he put it, both not specific enough and too specific, to actually be effective, some publishers just left. In GDPRs immediate aftermath, more than 1,000 news sites were suddenly unavailable trying to visit from the EU, with the bulk being smaller, local outlets, according to a list that one researcher compiled at the time. Thats not a coincidence; while the New York Timeses and Washington Posts could afford a legal team and tech setup to stay put without being threatened with GDPRs massive fines, local outlets were already struggling.

But this still left countless websites active in the EU that needed consent from their visitors once GDPR came into force. Enter the IAB. Because a lot of adtech is pretty much unregulated, the massive influential trade group has come to be accepted as the one to set the guidelines for advertisers, publishers, and everyone else to follow in order to keep them from running afoul of privacy laws. Both the IAB and its European wing are really, really serious about lobbying, which means thatideallythe organization would know exactly what makes these laws tick, and how the industry could accommodate them.

So, naturally, IAB Europe was responsible for coming up with the standards for websites that wanted to obtain user consent without effectively breaking their site in the process. And then, according to the industry experts I spoke with, they kept waiting. In April 2018literally a month before GDPR was set to come into effectIAB Europe debuted its new standards: the so-called GDPR Transparency and Consent Framework (or TCF) that websites were told would collect consent in a comprehensive, standardized way, while also funneling that consent back to the third-party partners each site works with.

This framework, to be blunt, looked like a hot mess. There were a few glaring issues critics pointed right off the bat, but one of the biggest was that the framework encouraged sites to bundle all their requests for consentfrom every third party they work withunder a single accept all button, without the need to actually disclose every one of the many, many partners that were hiding under that button.

In other words, these guidelines suggested that Devin just hide all his buddies inside a trench coat, with the implicit understanding that if you agreed to smooch him, you'd agree to smooch all of them, too. But that's not how consent works IRL, and that's not how consent is supposed to work under GDPR.

So, when these new TCF specs were dropped in their laps with a month to go before European laws changed in major ways, website operators were faced with a pretty crummy choice: go through the expensive and mind-numbing legal process of bringing their site to compliance on their own, or go with what the IAB was presenting.

As one person in charge of advertising revenue at a major publication put it, IAB's standards seemed bent on adhering to the letter of the law while ignoring the spirit of the law. Another industry expert thought the TCF standards seemed purposefully complicated to allow publishers to skirt regulation.

But without other options, publishers (begrudgingly or otherwise) decided to follow the TCF standards anyway. As one expert explained, the implicit understanding was that if anyone would take the fall for shoddy privacy compliance, it would be the IAB, and not them. And so far, at least, that's exactly what's happened. While the Data Protection Authority fined IAB Europe, it hasn't gone after publishers themselves, even though they're also breaking GDPR by using the TCF standards.

To follow the framework, publishers were required to onboard another third-party piece of ad software called a consent management platform, or CMP, that would be responsible for collecting consent from users and beaming it where it needed to go. Those CMPs (and there are dozens of different ones) need to be registered with the IAB for compliance purposes, which also means forking over a roughly $1,700 fee upfront, and again each year they're on the list.

These CMPs are the ones responsible for plopping the dreaded cookie banner on the site. Behind the scenes, when you press "yes" or "no" on a site's request to track you, that choice gets stored in the form of a "consent string" on your browser. Unless you clear your browser cache (which, let's be honest, you should probably do), that webpage will load up that string every time you visit and pass it on to any third parties involved with serving an ad on the site (you know, that aforementioned chain of sleazy dudes).

Pretty quickly, though, it became clear that the rules laid out by TCF weren't going to cut it, and the cookie banners created in its wake were blatantly violating some of GDPR's core rules in all sorts of shady ways. Some would share people's consent preferences on a single site with every company that was partnered with the IAB, while others would leave site visitors with the option to accept cookies, but not the option to reject them. Others would just not work at all.

What eventually brought Google onboard was the IAB's new and improved TCF 2.0, which debuted about a year and a half after GDPR rolled out. We won't go into every change (you can read about those here), but in a nutshell: This new framework promised more power to publishers, more privacy to end-users, and less of a legal shitshow overall. But when digital advertising is a field that's flush with hundreds of billions of dollars per year and not nearly enough legal oversight, bad actors are going to be bad. Dark patterns continued to be dark even with the update, and middlemen further down the daisy chain from the CMP started offering alternatives meant to bypass these cookie banners entirely, meaning that the need for consent (which, again, is the core tenet of GDPR) would no longer be part of the equation.

In some absolutely cursed scenarios, CMPs began forging consent signals from end-users, literally turning their requests not to be tracked into a "yes, please track me," with nobody, even the IAB, checking in initially. Even after the trade group started auditing the vendors it worked with last fall, researchers outside the adtech sphere found that consent fraud was still very much happening, with seemingly no easy way to get bad actors to stop.

As one adtech executive speaking about the issue to Digiday put it, not many businesses are incentivized to completely clamp down on it because everyone's motivations are commercial. No one gets a bonus for being legally compliant, they get a bonus for hitting their numbers. It's a frustration for any exchange that's following the rules because it puts them at a massive commercial disadvantage. We're sticking to the IAB's rules, but it is hurting us to do so.

You could say their dilemma is a microcosm of regulators' attempts, in the EU and abroad, to get the digital data industrial complex under control. When regulators set standards that are too tough for anyone to practically follow, talking heads within the industry create their own response that ticks every legal box while also enabling anyone creative enough to continue with business as usual anyway. And when publishers are literally stuck between too easy to cheat, and impossible to adhere to, which one do you think they'll choose?

The full ruling against IAB Europe doesn't address the bad behavior of these downstream parties. Instead, it's going after IAB Europe's awful standards, and its consent strings, specifically. Contrary to IAB Europe's claims, the Litigation Chamber of the BE DPA found that IAB Europe is acting as a data controller with respect to the registration of individual users' consent signal, objections and preferences by means of a unique Transparency and Consent (TC) String, which is linked to an identifiable user, the Authority wrote in a statement about the new ruling. This means that IAB Europe can be held responsible for possible violations of the GDPR.

Based on this, the Authority was finally able to go after the IAB directly for what it describes as a flurry of infractions. For starters, the ruling alleges that IAB Europe failed to establish any sort of legal basis for the processing of these consent strings under GDPR, and failed to keep that data confidential, by GDPR standards, once it was collected. On top of that, the new ruling agrees with the same complaints a lot of us have had about those cookie pop-ups for years: They're too vague, too hard to opt-out of, and just clearly don't do what they're promised to do.

The information provided to users through the CMP interface is too generic and vague to allow users to understand the nature and scope of the processing, especially given the complexity of the TCF, the Authority wrote, noting how difficult this makes it for any user to actually have the control over their data that GDPR warrants.

So what comes next? Well, right now, nobody seems to know. IAB Europe put out a terse statement on the ruling that noted how the group "[looks] forward to working with [the Belgian Data Privacy Authority] on an action plan to be executed within the prescribed six months that will ensure the TCF's continuing utility in the market."

As previously communicated, it has always been our intention to submit the Framework for approval as a GDPR transnational Code of Conduct, the group wrote. Today's decision would appear to clear the way for work on that to begin. Well, good luck with that. In the meantime, we're stuck with essential parts of the entire ad-serving market in the EU being rendered... entirely illegal. At least for now.

It's impossible to say what's going to come next, but given the adtech industry's lengthy track record of sweeping bad actors under the rug instead of stopping them cold, and with those bad actors facing the huge financial incentive to keep being bad, I think it's safe to say that's what they'll keep doing. When a major part of the online economy is just a big race to the bottom, you just need to pray that lawmakers get there first.

Read more here:

The Hidden Failure of the World's Biggest Privacy Law - Gizmodo


Environment hiring levels in the mining industry rose in December 2021 – Mining Technology

The proportion of mining industry operations and technologies companies hiring for environment related positions rose significantly in December 2021 compared with the equivalent month last year, with 73.1% of the companies included in our analysis recruiting for at least one such position.

This latest figure was higher than the 47.3% of companies which were hiring for environment-related jobs a year ago but a decrease compared to the figure of 76.1% in November 2021.

When it came to the rate of all job openings that were linked to environment, related job postings dropped in December 2021, with 8.6% of newly posted job advertisements being linked to the topic.

This latest figure was an increase compared to the 3% of newly advertised jobs that were linked to environment in the equivalent month a year ago.

Environment is one of the topics that GlobalData, from whom our data for this article is taken, have identified as being a key disruptive force facing companies in the coming years. Companies that excel and invest in these areas now are thought to be better prepared for the future business landscape and better equipped to survive unforeseen challenges.

Our analysis of the data shows that mining industry operations and technologies companies are currently hiring for environment jobs at a rate higher than the average for all companies within GlobalData's job analytics database. The average among all companies stood at 3.7% in December 2021.

GlobalData's job analytics database tracks the daily hiring patterns of thousands of companies across the world, drawing in jobs as they're posted and tagging them with additional layers of data on everything from the seniority of each position to whether a job is linked to wider industry trends.

You can keep track of the latest data from this database as it emerges by visiting our live dashboard here.


Why the mining industry’s boardrooms need to believe in ESG – MINING.COM

Strauss said what will likely become more significant in ESG is the data being relied upon by mining companies.

Implementing ESG strategies to address water consumption and waste management is essential, Strauss told the audience at the AME Roundup conference in Vancouver on Thursday.

A well-touted environmental and social governance system provides objective and transparent methods to management, and the board, and improving stakeholder relationships, Strauss said.

Reliance on quality, consistent data is likely to become a significant differentiator for investment funds, he said. Fund managers are increasingly seeking to see independent assessments that provide not only management's commitment, but also a means to credibly track ESG and for management to set out their organizational, environmental and societal jobs in a clear and consistent way.

Strauss also pointed to blockchain which, although not related to ESG, he said can provide the means to validate the origins and providence of the underlying commodity.

Strauss said that blockchain will become the basis for companies to communicate ESG assessments and ensure customers have a record of commitment.

Strauss said that last year, Apple, in its report to the SEC, stated that they had removed over 140 smelters and refiners from their supply chain, as they were unable to validate the responsible sourcing of minerals.

Apple's claim of responsible sourcing, which was laughed off as impossible only a few years ago, is happening. Blockchain is the conduit to achieving this goal, Strauss said. Every company in the mining industry would be influenced by this to one extent or another.

The takeaway for explorers, Strauss said, is that if they are unable to prove that their company, and exploration site, is enacting ESG, that the economic impact of the discovery will become increasingly moot.

The value of discoveries will no longer rely entirely on geology and metallurgy, but on the prominence of the relationship you have with your stakeholders, and the acceptability of your governance on the wider society, he said.

Strauss said the impact of smelters and refiners being removed from the supply chain is the first step to impact the differential pricing of metals over the coming years.

Those mine sites that can prove their providence will be accepted, he said. Those that can't will find a smaller pool of customers, and therefore the emergence of discount pricing for exactly the same underlying ore.

Providence does not start from ore production, but from the time when the local First Nation group was engaged, or from the moment explorers started drilling, from the time that management tied its compensation to ESG goals.


Maharashtra: Couple Arrested in Thane by Anti-Evasion Wing for GST Evasion of Rs 12 Crore – LatestLY

Thane, February 4: The CGST Thane Anti-Evasion Wing (Mumbai Zone) has arrested a couple from a Thane firm for evading Goods & Services Tax to the tune of Rs 12.23 crore, an official said here on Friday. According to CGST Commissioner Rajan Chaudhary, based on detailed data-mining and data-analysis, a probe was initiated against a suspicious firm, Datalink Consultancy.

The company was detected as providing manpower to various high-profile companies, and it had collected GST from the clients, but had not deposited the same to the government for over a year. The partners of the firm -- a husband-wife couple aged 50 and 48, respectively, were arrested for violating provisions of the Section 132 (d) of the GST Act, 2017, on Thursday.

They were presented before a Thane Magistrate who remanded them to judicial custody for 14 days. Chaudhary said that if found guilty, they could face a jail term of up to five years and a penalty. The case was part of a major anti-evasion drive launched by CGST Mumbai Zone against such evaders and scamsters.

During the current campaign, the CGST Thane Commissioner alone detected tax cheating of Rs 1,023 crore, recovered Rs 17 crore in the past five months and arrested 6 persons. Chaudhary said the CGST sleuths use data-mining, data-analysis and network-analysis tools to identify potential evaders and fraudsters, focussing on all sectors like services and digital economy to target and nab the cheats.

(The above story first appeared on LatestLY on Feb 04, 2022 04:56 PM IST.)


Crossing the Wires of Energy and Cryptocurrency Policy: U.S. Congress Investigates the Environmental Impact of Crypto Mining – JD Supra

The rapid adoption of cryptocurrency and other popular blockchain applications has captured our global economy's attention. Even as the value of cryptocurrencies slid from their all-time highs, the promise of these digital assets and the infrastructure being developed to support them has been transformative.

As with most emerging technologies, policymakers are still exploring the best approaches to regulating these new digital assets and business models. Questions about consumer protection, security, and the applicability of existing laws are to be expected; however, the environmental impact of these energy-intensive business practices has prompted considerable study and regulatory activity across the globe, including attention in the United States.

To understand the increasing energy demands associated with major cryptocurrencies (predominantly, Bitcoin and Ethereum), it is important to understand how many cryptocurrencies are generated in the first instance. Many countries, including China, have banned cryptocurrency mining, and, with the United States becoming the largest source of cryptocurrency mining activity, Congress began active investigations and hearings into the energy demands and environmental impacts in January 2022.

Proof of What? Why certain cryptocurrencies create high energy demands.

Not all cryptocurrencies (or blockchain platforms, for that matter) are created equal in their energy demands. The goal of most major cryptocurrency platforms is to create a decentralized, distributed ledger, meaning that there is no one authority to verify the authenticity of transactions and ensure that assets are not spent twice, for example. There needs to be a trustworthy mechanism, a consensus system, to verify new transactions, add those transactions to the blockchain, and to confirm the creation of new tokens. Bitcoin alone has well over 200,000 transactions per day,[1] so it should not come as a surprise that these platforms take an enormous amount of processing power to maintain.

There are currently two primary ways that network participants lend their processing power, which are framing part of the modern energy policy debates around cryptocurrency. The first form is proof of work, which is the original method that Bitcoin and Ethereum 1.0 employ. When a group of transactions (a block) needs to be verified, all of the mining computers race to solve a complex math puzzle, and whoever wins gets to add the block to the chain and is rewarded in coins. The competitive nature of proof of work consensus systems has led to substantial increases in computing power provided by institutional cryptocurrency mining operations and, with that, higher energy demands.

The second form, proof of stake, which newer platforms like Cardano and ETH2 use, promises to require considerably less energy to operate. With this method, validators stake their currency for a chance at verifying new transactions and updating the blockchain. This method rewards long-term investment in a particular blockchain, rather than raw computing power. A validator is picked based on how much currency they have staked and how long it has been staked for. Once the block is verified, other validators must review and accept the data before it's added to the blockchain. Then, everyone who participated in validating the block is rewarded with coins.

While proof of stake consensus systems are becoming more common, the dominant and most valuable cryptocurrencies are still generated through energy-intensive proof of work systems.

Turning out the lights on Crypto: China bans domestic mining and other countries follow.

China has been incredibly influential in the modern cryptocurrency debate around energy use. For several years, China was the cryptocurrency mining capital of the world, providing an average of two-thirds of the world's processing power dedicated to Bitcoin mining through early 2021.[2] In June 2021, however, China banned all domestic cryptocurrency mining operations, citing the environmental impacts of Bitcoin mining energy demands among its concerns.[3]

As Bitcoin miners fled China, many relocated to neighboring countries, such as Kazakhstan, and the United States became the largest source of mining activity, with an estimated 35.1% of global mining power.[4] The surge in Bitcoin mining activity in Kazakhstan has not been without its controversy. Many Kazakhstan-based crypto mining operations are powered by coal plants, and there has been considerable unrest sparked by rising fuel costs.[5]

With some countries experiencing negative impacts from cryptocurrency mining operations, several countries have followed China's lead in banning cryptocurrencies. According to a 2021 report prepared by the Law Library of Congress, at least eight other countries (Egypt, Iraq, Qatar, Oman, Morocco, Algeria, Tunisia, and Bangladesh) have banned cryptocurrencies.[6] Many other countries have impliedly banned cryptocurrency or cryptocurrency exchanges, as well.[7]

U.S. Congress shines its spotlight on the energy demands of cryptocurrency mining.

Now home to over a third of the global computing power dedicated to mining bitcoin, the United States has turned its attention to domestic miners and their impacts on the environment and local economies.

In June 2021, U.S. policymakers were still predominantly focused on the consumer protection and security concerns raised by digital currencies; however, Senator Elizabeth Warren alluded to her growing concerns about the environmental costs of, particularly, proof of work mining.[8] On December 2, 2021, Senator Warren sent a letter requesting information on the environmental footprint of New York-based Bitcoin miner Greenridge Generation.[9] The letter observed that, "[g]iven the extraordinarily high energy usage and carbon emissions associated with Bitcoin mining, mining operations at Greenridge and other plants raise concerns about their impacts on the global environment, on local ecosystems, and on consumer electricity costs."[10] Senator Warren's concerns sparked several rounds of congressional oversight and inquiries into the environmental impacts of, particularly, proof of work cryptocurrencies, over the past month.

Committee Hearing on "Cleaning up Cryptocurrency" begins oversight and investigation into the energy impacts of blockchains.

On January 20, 2022, the U.S. House of Representatives Committee on Energy and Commerce's Subcommittee on Oversight and Investigations held a hearing, where the externalities of cryptocurrency mining were the focus of the agenda. An early indicator of the Subcommittee's views on the issue, the title for the hearing was "Cleaning up Cryptocurrency: The Energy Impacts of Blockchains."[11]

The hearing focused heavily on the amount of energy used to power proof of work cryptocurrency mining. Bitcoin Mining has been widely criticized for the massive amounts of power it consumes globally, more than 204 terawatt-hours as of January 2022. Although some operations are attempting to utilize renewable energy, the machines executing these algorithms consume enormous amounts of energy primarily sourced from fossil fuels.

The five industry experts testifying before the House Energy and Commerce Oversight Subcommittee had competing views on how regulators should address the energy consumption of cryptocurrencies, with some experts opining that the computational demands were a feature, not a bug.[12] Two of the experts (Brian Brooks, CEO of Bitfury Group, and Professor Ari Juels, Faculty member at Cornell Tech) debated the technical merits between proof of work and proof of stake systems, described earlier in this article.[13] Similarly, Gregory Zerzan, an attorney with Jordan Ramis, P.C. who previously held senior positions in the United States Government, encouraged the Subcommittee not to lose sight of the fact that cryptocurrencies are but one aspect of a larger innovation, blockchain.[14] Although the viewpoints of the experts varied considerably, there was a clear consensus among the experts: energy-efficient alternatives should guide the path forward.

John Belizaire, the founder and CEO of Soluna Computing, said that cryptocurrency mining could further accelerate the transition to renewable energy sources from an energy perspective.[15] Renewables currently suffer from one significant deficiency: intermittency. An example of this challenge is the so-called "duck curve," which illustrates major differences between the demands for electricity as compared to the amount of renewable energy sources available throughout the day. For example, when the sun is shining, there is significantly more power than consumers need for a few hours per day; however, solar energy does not provide nearly enough energy when demand spikes in the late afternoon and evening.[16] While there has been progress in the development of lithium battery storage (a critical piece in solving the issues mentioned above), for the time being, deploying these batteries at scale is still too expensive.

In addressing gaps in battery storage, Belizaire testified that "Computing is a better battery."[17] Computing, he states, is an immediately deployable solution that can allow renewables to scale to their full potential today.[18] Belizaire highlighted that, unlike other industrial consumers, cryptocurrency miners can turn their systems off when necessary, giving miners the ability to absorb excess energy from a given area's electrical grid rather than straining it. This ability to start and stop or pause computing processes can increase grid resilience by absorbing excess energy from renewable resources that provide more power than the grid can handle. Brooks shared similar hopes for how Bitcoin mining could help stabilize electric grids, support the viability of renewable energy projects, and drive innovation in computing and cooling technology.[19]

Steve Wright, the former general manager of the Chelan County Public Utility District in Washington, testified that the portability of cryptocurrency operations could be a benefit in terms of locating operations based on underutilized transmission and distribution capacity availability.[20] Still, with ambitious goals to expand transmission and increase and integrate large amounts of carbon-free emitting generation, Wright testified that substantial collaboration and coordination will be necessary to avoid cryptocurrency mining exacerbating an already very difficult problem.[21]

Congressional Democrats continue the investigation into domestic mining operations and the Cryptomining Industry response.

The January 20, 2022 Hearing made clear that policymakers are doing their due diligence into the impact that the United States could experience as the number of domestic cryptocurrency mining operations increases. Commentary from the Hearing forecasted that scrutinizing the sources and costs of energy used in cryptocurrency mining would be a priority for Democrat members of Congress.

To that end, on January 27, 2022, eight Democrat members of Congress led by Senator Elizabeth Warren sent letters to six cryptomining companies raising concerns over their extraordinarily high energy uses.[22] Citing the same concerns raised in her December 2021 letter to Greenridge, Senator Warren and her colleagues observed that Bitcoin mining's power consumption has more than tripled from 2019 to 2021, rivaling the energy consumption of Washington state, and of entire countries like Denmark, Chile, and Argentina.[23] To assist Congress in its investigation, Riot Blockchain, Marathon Digital Holdings, Stronghold Digital Mining, Bitdeer, Bitfury Group, and Bit Digital were all asked for information related to their mining operations, energy consumption, possible impacts on the climate and local environments, and the impact of electricity costs for American consumers.[24] Senator Warren and her colleagues requested written responses by no later than February 10, 2022, so this increased oversight will likely continue.

Even with increased oversight, current trends in crypto mining and renewables could soon make such inquiries a moot point. Amid the heated debate over the environmental impact of cryptocurrencies, miners are increasingly committed to changing the negative reputation that it has built over the years, especially as these operations move to the United States. In November of last year, Houston-based tech company Lancium announced that it raised $150 million to build bitcoin mines across Texas that will run on renewable energy.[25] In 2022, the company plans to launch over 2,000 megawatts of capacity across its multiple sites.[26] Bitcoin mining company Argo Blockchain, a company listed on the London Stock Exchange, secured a $25 million loan to fund its green mining operation.[27] The 320-acre site will only use renewable energy, the majority being hydroelectric.[28] This deal is set to transform Argo's mining capacity and is expected to be completed in the first half of 2022.[29]

Capital Markets also appear to have a growing appetite for the development of green crypto mining. In April of last year, Gryphon Digital Mining raised $14 Million Series A to launch a zero-carbon footprint Bitcoin mining operation powered exclusively by renewables.[30] In a raise that closed in just over two weeks, institutional investors who were significantly oversubscribed accounted for over thirty percent of the round.[31]

As congressional, social, and economic pressures grow, it is evident that there is going to be a big focus on the sustainability of Bitcoin mining. As such, we may very well see announcements, like the deals mentioned above, well into 2022 and beyond.

[4] See Bitcoin Mining Map.

[17] See, e.g., Belizaire Statement, p.4.

[19] See generally Brooks Statement, pp.8-10.
