United States

Data Collected by the US Justice Department Exposed in Consultant's Breach (securityweek.com) 9

An anonymous reader shared this report from Security Week: Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.



According to GMA's notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General's Office, both personal and Medicare information was compromised in the data breach... "This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information," the notification letter reads.

The compromised data, GMA says, was obtained by the US Department of Justice "as part of a civil litigation matter". More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General's Office. The impacted individuals, however, are "not the subject of this investigation or the associated litigation matters", the company tells the affected individuals.

Microsoft

US Government Says Recent Microsoft Breach Exposed Federal Agencies to Hacking (msn.com) 15

From the Washington Post: The U.S. government said Thursday that Russian government hackers who recently stole Microsoft corporate emails had obtained passwords and other secret material that might allow them to breach multiple U.S. agencies.

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, on Tuesday issued a rare binding directive to an undisclosed number of agencies requiring them to change any log-ins that were taken and investigate what else might be at risk. The directive was made public Thursday, after recipients had begun shoring up their defenses. The "successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," CISA wrote. "This Emergency Directive requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to ensure authentication tools for privileged Microsoft Azure accounts are secure."

"CISA officials told reporters it is so far unclear whether the hackers, associated with Russian military intelligence agency SVR, had obtained anything from the exposed agencies," according to the article. And the article adds that CISA "did not spell out the extent of any risks to national interests."

But the agency's executive assistant director for cybersecurity did tell the newspaper that "the potential for exposure of federal authentication credentials...does pose an exigent risk to the federal enterprise, hence the need for this directive and the actions therein." Microsoft's Windows operating system, Outlook email and other software are used throughout the U.S. government, giving the Redmond, Washington-based company enormous responsibility for the cybersecurity of federal employees and their work. But the longtime relationship is showing increasing signs of strain.... [T]he breach is one of a few severe intrusions at the company that have exposed many others elsewhere to potential hacking. Another of those incidents — in which Chinese government hackers cracked security in Microsoft's cloud software offerings to steal email from State Department and Commerce Department officials — triggered a major federal review that last week called on the company to overhaul its culture, which the Cyber Safety Review Board cited as allowing a "cascade of avoidable errors."

Transportation

Should the US Ban Chinese EVs? (arstechnica.com) 282

An anonymous reader quotes a report from Ars Technica: Influential US Senator Sherrod Brown (D-Ohio) has called on U.S. President Joe Biden to ban electric vehicles from Chinese brands. Brown calls Chinese EVs "an existential threat" to the U.S. automotive industry and says that allowing imports of cheap EVs from Chinese brands "is inconsistent with a pro-worker industrial policy." Brown's letter to the president (PDF) is the most recent to sound alarms about the threat of heavily subsidized Chinese EVs moving into established markets. Brands like BYD and MG have been on sale in the European Union for some years now, and last October, the EU launched an anti-subsidy investigation into whether the Chinese government is giving Chinese brands an unfair advantage.

The EU probe won't wrap until November, but another report published this week found that government subsidies for green technology companies are prevalent in China. BYD, which now sells more EVs than Tesla, has benefited from almost $4 billion (3.7 billion euro) in direct help from the Chinese government in 2022, according to a study by the Kiel Institute. Last month, the EU even started paying extra attention to imports of Chinese EVs, issuing a threat of retroactive tariffs that could start being imposed this summer. Chinese EV imports to the EU have increased by 14 percent since the start of its investigation, but they have yet to really begin in the U.S., where there are a few barriers in their way. Chinese batteries make an EV ineligible for the IRS's clean vehicle tax credit, for one thing. And Chinese-made vehicles (like the Lincoln Nautilus, Buick Envision, and Polestar 2) are already subject to a 27.5 percent import tax.

But Chinese EVs are on sale in Mexico already, and that has American automakers worried. Last year, Ford CEO Jim Farley said he saw Chinese automakers "as the main competitors, not GM or Toyota." And in January, Tesla CEO Elon Musk said he believed that "if there are no trade barriers established, they will pretty much demolish most other car companies in the world." [...] It's not just the potential damage to the U.S. auto industry that has prompted this letter. Brown wrote that he is concerned about the risk of China having access to data collected by connected cars, "whether it be information about traffic patterns, critical infrastructure, or the lives of Americans," pointing out that "China does not allow American-made electric vehicles near their official buildings." At the end of February, the Commerce Department also warned of the security risk from Chinese-connected cars and revealed it has launched an investigation into the matter.
"When the goal is to dominate a sector, tariffs are insufficient to stop their attack on American manufacturing," Brown wrote. "Instead, the Administration should act now to ban Chinese EVs before they destroy the potential for the U.S. EV market. For this reason, no solution should be left off the table, including the use of Section 421 (China Safeguard) of the Trade Act of 1974, or some other authority."

United States

House Votes To Extend -- and Expand -- a Major US Spy Program (wired.com) 85

An anonymous reader quotes a report from Wired: A controversial US wiretap program days from expiration cleared a major hurdle on its way to being reauthorized. After months of delays, false starts, and interventions by lawmakers working to preserve and expand the US intelligence community's spy powers, the House of Representatives voted on Friday to extend Section 702 (PDF) of the Foreign Intelligence Surveillance Act (FISA) for two years. Legislation extending the program -- controversial for being abused by the government -- passed in the House in a 273-147 vote. The Senate has yet to pass its own bill.

Section 702 permits the US government to wiretap communications between Americans and foreigners overseas. Hundreds of millions of calls, texts, and emails are intercepted by government spies each with the "compelled assistance" of US communications providers. The government may strictly target foreigners believed to possess "foreign intelligence information," but it also eavesdrops on the conversations of an untold number of Americans each year. (The government claims it is impossible to determine how many Americans get swept up by the program.) The government argues that Americans are not themselves being targeted and thus the wiretaps are legal. Nevertheless, their calls, texts, and emails may be stored by the government for years, and can later be accessed by law enforcement without a judge's permission. The House bill also dramatically expands the statutory definition for communication service providers, something FISA experts, including Marc Zwillinger -- one of the few people to advise the Foreign Intelligence Surveillance Court (FISC) -- have publicly warned against.

The FBI's track record of abusing the program kicked off a rare detente last fall between progressive Democrats and pro-Trump Republicans -- both bothered equally by the FBI's targeting of activists, journalists, and a sitting member of Congress. But in a major victory for the Biden administration, House members voted down an amendment earlier in the day that would've imposed new warrant requirements on federal agencies accessing Americans' 702 data. The warrant amendment was passed earlier this year by the House Judiciary Committee, whose long-held jurisdiction over FISA has been challenged by friends of the intelligence community. Analysis by the Brennan Center this week found that 80 percent of the base text of the FISA reauthorization bill had been authored by intelligence committee members.

Canada

Canadian Legislators Accused of Using AI To Produce 20,000 Amendments (www.cbc.ca) 62

sinij shares a report: Members of Parliament in Canada are expected to vote for up to 15 hours in a row Thursday and Friday on more than 200 Conservative amendments to the government's sustainable jobs bill. The amendments are what's left of nearly 20,000 changes the Conservatives proposed to Bill C-50 last fall at a House of Commons committee. Liberals now contend the Conservatives came up with the amendments using artificial intelligence in order to gum up the government's agenda. The Conservatives deny that accusation.

China

China Moving At 'Breathtaking Speed' In Final Frontier, Space Force Says (space.com) 196

China is rapidly advancing its space capabilities to challenge the United States' dominance in space, as evidenced by its significant increase in on-orbit intelligence and reconnaissance satellites and the development of sophisticated counterspace weapons. Space.com reports: "Frankly, China is moving at a breathtaking speed. Since 2018, China has more than tripled their on-orbit intelligence, surveillance and reconnaissance satellites," Gen. Stephen Whiting, commander of U.S. Space Command, said here on Tuesday, during a talk at the 39th Space Symposium. "And with these systems, they've built a kill web over the Pacific Ocean to find, fix, track and, yes, target United States and allied military capabilities," he added. And that's not all. China has also "built a range of counterspace weapons, from reversible jamming all the way up to kinetic hit-to-kill direct-ascent and co-orbital ASATs," Whiting said.

Indeed, China demonstrated direct-ascent ASAT, or anti-satellite, weapon technology back in January 2007, when it destroyed one of its defunct weather satellites with a missile. That test was widely decried as irresponsible, for it generated thousands of pieces of debris, many of which are still cluttering up Earth orbit. Such activities show that China is now treating space as a war-fighting domain, Whiting said. And so, he added, is Russia, which has also conducted ASAT tests recently, including a destructive one in November 2021. Russia has also been aggressively building out its orbital architecture; since 2018, the nation has more than doubled its total number of active satellites, according to Whiting. The U.S. government has taken notice of these trends.

"We are at a pivotal moment in history," Troy Meink, principal deputy director of the National Reconnaissance Office, which builds and operates the United States' fleet of spy satellites, said during a different talk on Tuesday here at the symposium. "For the first time in decades, U.S. leadership in space and space technology is being challenged," Meink added. "Our competitors are actively seeking ways to threaten our capabilities, and we see this every day." The U.S. must act if it wishes to beat back this challenge, Meink and Whiting stressed; it cannot rely on the inertia of past success to do the job. For example, Meink highlighted the need to innovate with the nation's reconnaissance satellites, to make them more numerous, more agile and more resilient. U.S. Under Secretary of Defense for Research and Engineering Heidi Shyu also emphasized the importance of increasing resilience, a goal that she said could be achieved by diversifying the nation's space capabilities. "We must assess ways to incorporate radiation-hardened electronics, novel orbits, varied communication pathways, advancements in propulsion technologies and increased cooperation with our allies," Shyu said in another talk on Tuesday at the symposium.

AI

US Lawmaker Proposes a Public Database of All AI Training Material 30

An anonymous reader quotes a report from Ars Technica: Amid a flurry of lawsuits over AI models' training data, US Representative Adam Schiff (D-Calif.) has introduced (PDF) a bill that would require AI companies to disclose exactly which copyrighted works are included in datasets training AI systems. The Generative AI Disclosure Act "would require a notice to be submitted to the Register of Copyrights prior to the release of a new generative AI system with regard to all copyrighted works used in building or altering the training dataset for that system," Schiff said in a press release.

The bill is retroactive and would apply to all AI systems available today, as well as to all AI systems to come. It would take effect 180 days after it's enacted, requiring anyone who creates or alters a training set not only to list works referenced by the dataset, but also to provide a URL to the dataset within 30 days before the AI system is released to the public. That URL would presumably give creators a way to double-check if their materials have been used and seek any credit or compensation available before the AI tools are in use. All notices would be kept in a publicly available online database.

Currently, creators who don't have access to training datasets rely on AI models' outputs to figure out if their copyrighted works may have been included in training various AI systems. The New York Times, for example, prompted ChatGPT to spit out excerpts of its articles, relying on a tactic to identify training data by asking ChatGPT to produce lines from specific articles, which OpenAI has curiously described as "hacking." Under Schiff's law, The New York Times would need to consult the database to ID all articles used to train ChatGPT or any other AI system. Any AI maker who violates the act would risk a "civil penalty in an amount not less than $5,000," the proposed bill said.
Schiff described the act as championing "innovation while safeguarding the rights and contributions of creators, ensuring they are aware when their work contributes to AI training datasets."

"This is about respecting creativity in the age of AI and marrying technological progress with fairness," Schiff said.

United Kingdom

UK Considers Banning Smartphone Sales To Children Under 16 (theguardian.com) 108

An anonymous reader quotes a report from The Guardian: Ministers are considering banning the sale of smartphones to children under the age of 16 after a number of polls have shown significant public support for such a curb. The government issued guidance on the use of mobile phones in English schools two months ago, but other curbs are said to have been considered to better protect children after a number of campaigns. [...] A March survey by Parentkind, of 2,496 parents of school-age children in England, found 58% of parents believe the government should ban smartphones for under-16s. It also found more than four in five parents said they felt smartphones were "harmful" to children and young people.

Another survey by More in Common revealed 64% of people thought that a ban on selling smartphones to under-16s would be a good idea, compared with 20% who said it was a bad idea. The curb was even popular among 2019 Tory voters, according to the thinktank, which found 72% backed a ban, as did 61% of Labour voters. But the thought of another ban has left some Conservatives uneasy. One Tory government source described the idea as "out of touch," noting: "It's not the government's role to step in and microparent; we're meant to make parents more aware of the powers they have like restrictions on websites, apps and even the use of parental control apps." They said only in extreme cases could the government "parent better than actual parents and guardians."

Music

Chechnya Is Banning Music That's Too Fast Or Slow (npr.org) 198

Rachel Treisman reports via NPR: Authorities in the Russian republic of Chechnya are banning music they consider either too fast or too slow, effectively criminalizing many genres. The Chechen Ministry of Culture announced the ban on its website last week, by the order of Culture Minister Musa Dadayev and with the agreement of Chechen leader Ramzan Kadyrov. "Musical, vocal and choreographic" works will be limited to a tempo of 80 to 116 beats per minute (BPM) to "conform to the Chechen mentality and sense of rhythm," said Dadayev, according to the Russian state-run news agency TASS.

"Borrowing musical culture from other peoples is inadmissible," Dadayev said, per a translation by The Guardian. "We must bring to the people and to the future of our children the cultural heritage of the Chechen people. This includes the entire spectrum of moral and ethical standards of life for Chechens." Russian media report that artists have until June 1 to rewrite any music that doesn't conform to the new rule, though it's not clear how it will be enforced. [...]

The government's crackdown on certain musical tempos would silence most modern music genres. Electronic styles of music like house, techno and dubstep all tend to have BPMs of over 116, says the audio tech company Izotope, while the average tempo of 2020's best-selling pop songs was 122 BPM, according to the BBC. The independent Russian news outlet Meduza said the tempo of the Russian national anthem would be considered too slow under the new limit, reports RadioFreeEurope/RadioLiberty. But it would seem to permit hip-hop music, which generally has a BPM of 85 to 95.
"Chechnya is a roughly 6,700-square-mile autonomous republic situated in the North Caucasus of southern Russia and home to some 1.5 million people, the vast majority of whom are Muslim," notes NPR. "The U.S. Commission on International Religious Freedom has said Kadyrov's regime 'maintains hegemony through the imposition of a purported 'traditional' version of Islam, which falsely claims to defend local belief and culture, and combat violent extremism.'"

"'In reality, Kadyrov has [co-opted] Chechen religion and culture to support his brutal regime, which violates the secular constitution of the Russian Federation and international standards of freedom of religion or belief,' it added."

Businesses

Sierra Space, Valued At $5.3 Billion, Eyes IPO To 'Accelerate the New Space Economy' (yahoo.com) 26

Sierra Space CEO Tom Vice told Yahoo Finance it plans to go public within the next 18 months at a valuation of $5.3 billion. Since being spun out of defense contractor Sierra Nevada Corporation in 2021, the company has "placed its bets on building out the growing space economy, from developing rocket propulsion technology to a commercial space station with Blue Origin." From the report: Its ambitions have fueled the development of its cargo space plane, the Dream Chaser, set to have its inaugural mission to the International Space Station (ISS) in the second half of this year. Built to land on any commercial runway, the plane will lower the barrier to entry into low-earth orbit and open up business opportunities, Vice said. "Since the 1960s, every science experiment or human being that's come back to earth from space, even today, is still landing in a capsule in the ocean," he said. "We think changing and revolutionizing the way that we bring things back from space, both humans and cargo, and landing [the spacecraft] back at a commercial runway will completely accelerate the new space economy."

"We believe that the next big breakthrough products in oncology, longevity, and industrialized components like glass will be produced in low Earth orbit," Vice said, noting that many of those opportunities are likely to come from the development of commercial space stations to replace the decades-old ISS. Sierra Space has partnered with Blue Origin to build out the Orbital Reef, a commercially owned and operated space station, though recent reports have hinted at tension between the corporate partners. "We're transitioning from decades of government-run space stations with just a handful of government-trained astronauts to the full commercialization of low Earth orbit," Vice said. "We think that's going to create, we believe, probably the most profound industrial revolution and grow that space economy well over a trillion dollars by 2040."

AI

UK To Deploy Facial Recognition For Shoplifting Crackdown (theguardian.com) 113

Bruce66423 shares a report from The Guardian, with the caption: "The UK is hyperventilating about stories of shoplifting; though standing outside a shop and watching as a guy calmly gets off his bike, parks it, walks in and walks out with a pack of beer and cycles off -- and then seeing staff members rushing out -- was striking. So now it's throwing technical solutions at the problem..." From the report: The government is investing more than 55 million pounds in expanding facial recognition systems -- including vans that will scan crowded high streets -- as part of a renewed crackdown on shoplifting. The scheme was announced alongside plans for tougher punishments for serial or abusive shoplifters in England and Wales, including being forced to wear a tag to ensure they do not revisit the scene of their crime, under a new standalone criminal offense of assaulting a retail worker.

The new law, under which perpetrators could be sent to prison for up to six months and receive unlimited fines, will be introduced via an amendment to the criminal justice bill that is working its way through parliament. The change could happen as early as the summer. The government said it would invest 55.5 million pounds over the next four years. The plan includes 4 million pounds for mobile units that can be deployed on high streets using live facial recognition in crowded areas to identify people wanted by the police -- including repeat shoplifters.
"This Orwellian tech has no place in Britain," said Silkie Carlo, director of civil liberties at campaign group Big Brother Watch. "Criminals should be brought to justice, but papering over the cracks of broken policing with Orwellian tech is not the solution. It is completely absurd to inflict mass surveillance on the general public under the premise of fighting theft while police are failing to even turn up to 40% of violent shoplifting incidents or to properly investigate many more serious crimes."

United States

New Bill Would Force AI Companies To Reveal Use of Copyrighted Art (theguardian.com) 56

A bill introduced in the US Congress on Tuesday intends to force AI companies to reveal the copyrighted material they use to make their generative AI models. From a report: The legislation adds to a growing number of attempts from lawmakers, news outlets and artists to establish how AI firms use creative works like songs, visual art, books and movies to train their software -- and whether those companies are illegally building their tools off copyrighted content.

The California Democratic congressman Adam Schiff introduced the bill, the Generative AI Copyright Disclosure Act, which would require that AI companies submit any copyrighted works in their training datasets to the Register of Copyrights before releasing new generative AI systems, which create text, images, music or video in response to users' prompts. The bill would need companies to file such documents at least 30 days before publicly debuting their AI tools, or face a financial penalty. Such datasets encompass billions of lines of text and images or millions of hours of music and movies.

"AI has the disruptive potential of changing our economy, our political system, and our day-to-day lives. We must balance the immense potential of AI with the crucial need for ethical guidelines and protections," Schiff said in a statement. Whether major AI companies worth billions have made illegal use of copyrighted works is increasingly the source of litigation and government investigation. Schiff's bill would not ban AI from training on copyrighted material, but would put a sizable onus on companies to list the massive swath of works that they use to build tools like ChatGPT -- data that is usually kept private.

United States

The US is Right To Target TikTok, Says Vinod Khosla (ft.com) 90

Vinod Khosla, the founder of venture capital firm Khosla Ventures, opines on the bill that seeks to ban TikTok or force its parent firm to divest the U.S. business: Even if one could argue that this bill strikes at the First Amendment, there is legal precedent for doing so. In 1981, Haig vs Agee established that there are circumstances under which the government can lawfully impinge upon an individual's First Amendment rights if it is necessary to protect national security and prevent substantial harm. TikTok and the AI that can be channelled through it are national and homeland security issues that meet these standards.

Should this bill turn into law, the president would have the power to force any foreign-owned social media to be sold if US intelligence agencies deem them a national security threat. This broader scope should protect against challenges that this is a bill of attainder. Similar language helped protect effective bans on Huawei and Kaspersky Lab. As for TikTok's value as a boon to consumers and businesses, there are many companies that could quickly replace it. In 2020, after India banned TikTok amid geopolitical tensions between Beijing and New Delhi, services including Instagram Reels, YouTube Shorts, MX TakaTak, Chingari and others filled the void.

Few appreciate that TikTok is not available in China. Instead, Chinese consumers use Douyin, the sister app that features educational and patriotic videos, and is limited to 40 minutes per day of total usage. Spinach for Chinese kids, fentanyl -- another chief export of China's -- for ours. Worse still, TikTok is a programmable fentanyl whose effects are under the control of the CCP.

United States

EPA Limits Pollution From Chemical Plants (nytimes.com) 67

More than 200 chemical plants across the country will be required to curb the toxic pollutants they release into the air [non-paywalled link] under a regulation announced by the Biden administration on Tuesday. From a report: The regulation is aimed at reducing the risk of cancer for people living near industrial sites. This is the first time in nearly two decades that the government has tightened limits on pollution from chemical plants. The new rule, from the Environmental Protection Agency, specifically targets ethylene oxide, which is used to sterilize medical devices, and chloroprene, which is used to make rubber in footwear.

The E.P.A. has classified the two chemicals as likely carcinogens. They are considered a top health concern in an area of Louisiana so dense with petrochemical and refinery plants that it is known as Cancer Alley. Most of the facilities affected by the rule are in Texas, Louisiana and elsewhere along the Gulf Coast as well as in the Ohio River Valley and West Virginia. Communities in proximity to the plants are often disproportionately Black or Latino and have elevated rates of cancer, respiratory problems and premature deaths.

The Internet

The Internet Archive Just Backed Up an Entire Caribbean Island (wired.com) 19

By becoming the official custodian of an entire nation's history for the first time, the Internet Archive is expanding its already outsize role in preserving the digital world for posterity. From a report: Aruba has long been a special place for Stacy Argondizzo. For years, her family has vacationed on the tiny Caribbean Island every July. More recently it's been more than just a place to take a break from her work as a digital archivist -- becoming wholly a part of that work.

A project Argondizzo galvanized comes to full fruition this week. The Internet Archive is now home to the Aruba Collection, which hosts digitized versions of Aruba's National Library, National Archives, and other institutions including an archaeology museum and the University of Aruba. The collection comprises 101,376 items so far -- roughly one for each person who lives on the Island -- including 40,000 documents, 60,000 images, and seven 3D objects.

The Internet Archive is mostly known for trying to back up online resources like websites that don't have a government body advocating for their posterity. Being tapped to back up an entire nation's history takes the nonprofit into new territory, and it is a striking endorsement of its mission to bring as much information online as possible. "What makes Aruba unique is they have cooperation from all the leading cultural heritage players in the country," says Chris Freeland, the Internet Archive's director of library services. "It's just an awesome statement." The project is funded wholly by the Internet Archive, in line with its policy of generally letting anyone upload content.

United States

FCC Chair Rejects Call To Impose Universal Service Fees on Broadband (arstechnica.com) 21

The Federal Communications Commission chair decided not to impose Universal Service fees on Internet service, rejecting arguments for new assessments to shore up an FCC fund that subsidizes broadband network expansions and provides discounts to low-income consumers. From a report: The $8 billion-a-year Universal Service Fund (USF) pays for FCC programs such as Lifeline discounts and Rural Digital Opportunity Fund deployment grants for ISPs. Phone companies must pay a percentage of their revenue into the fund, and telcos generally pass those fees on to consumers with a "Universal Service" line item on telephone bills.

Imposing similar assessments on broadband could increase the Universal Service Fund's size and/or reduce the charges on phone service, spreading the burden more evenly across different types of telecommunications services. Some consumer advocates want the FCC to increase the fund in order to replace the Affordable Connectivity Program (ACP), a different government program that gives $30 monthly broadband discounts to people with low incomes but is about to run out of money because of inaction by Congress. The Universal Service funding question is coming up now because, on April 25, the FCC is scheduled to vote on reclassifying broadband as a telecommunications service in order to re-impose the net neutrality rules scrapped during the Trump era. Imposing Universal Service charges on broadband would likely result in ISPs adding those costs to monthly bills and would make the net neutrality proceeding even more of a political minefield than it already is. FCC Chairwoman Jessica Rosenworcel's net neutrality proposal takes the same stance against requiring Universal Service contributions that the FCC took in 2015 when it first imposed the net neutrality rules.

Your Rights Online

Crypto Scam Criminal Trial Tests 'Code Is Law' Claim by Trader (bloomberg.com) 87

A jailed trader accused of stealing $110 million on the Mango Markets exchange faces a criminal trial this week that will test the reach of a US crackdown on cryptocurrencies. From a report: Prosecutors charged Avraham Eisenberg with manipulating Mango Markets futures contracts on Oct. 11, 2022, to boost the price of swaps by 1,300% in 20 minutes. He then "borrowed" from the exchange against the inflated value of those contracts, a move the government claims was a theft. Jury selection begins Monday in New York federal court, where groundbreaking crypto cases have played out. FTX co-founder Sam Bankman-Fried was sentenced there last month to 25 years in prison for orchestrating a multibillion-dollar scheme, while Terraform Labs Pte. and co-founder Do Kwon were found liable Friday for fraud in a civil trial over the firm's 2022 collapse, which wiped out $40 billion in investor assets.

Eisenberg, a self-described "applied game theorist," claims his actions weren't theft at all. Rather, he says, he legally exploited a weakness in the decentralized finance application. The trial will apparently be the first time a US criminal jury will weigh what type of "DeFi" transactions are legal. In the crypto world, where digital blockchains govern who owns what, the virtual ecosystem is built around the notion that "code is law." It means that if something isn't explicitly forbidden by terms of a crypto platform, then government can't intercede. But prosecutors say those rules can't protect traders against possible criminal charges for market manipulation or fraud.

United States

TSMC Wins $6.6 Billion US Subsidy for Arizona Chip Production (reuters.com) 85

The U.S. Commerce Department said on Monday it would award Taiwan Semiconductor Manufacturing Co's unit a $6.6 billion subsidy for advanced semiconductor production in Phoenix, Arizona and up to $5 billion in low-cost government loans. From a report: TSMC agreed to expand its planned investment by $25 billion to $65 billion and to add a third Arizona fab by 2030, Commerce said in announcing the preliminary award. The Taiwanese company will produce the world's most advanced 2 nanometer technology at its second Arizona fab expected to begin production in 2028, the department said.

"These are the chips that underpin all artificial intelligence, and they are the chips that are necessary components for the technologies that we need to underpin our economy, but frankly, a 21st century military and national security apparatus," Commerce Secretary Gina Raimondo said in a statement. TSMC, the world's largest contract chipmaker and a major supplier to Apple and Nvidia, had previously announced plans to invest $40 billion in Arizona. TSMC expects to begin high-volume production in its first U.S. fab there by the first half of 2025, Commerce said. The $65 billion-plus investment by TSMC is the largest foreign direct investment in a completely new project in U.S. history, the department said.

Transportation

Report: Boeing 'Put Wall Street First, Safety Second', Creating 'Yearslong Decline of Safety Standards' (seattletimes.com) 230

The Seattle Times has a Pulitzer Prize-winning aerospace journalist named Dominic Gates. Sunday he published an expose on "a yearslong decline of safety standards" at Boeing.

After a 1997 merger, its new executive leaders "treated experienced engineers and machinists as expendable, ignoring the potential damage to Boeing's essential mission of designing and building high-quality airplanes...." The arc of Boeing's fall can be traced back a quarter century, to when its leaders elevated the interests of shareholders above all others, said Richard Aboulafia, industry analyst with AeroDynamic Advisory. "Crush the workers. Share price. Share price. Share price. Financial moves and metrics come first," was Boeing's philosophy, he said. It was, he said, "a ruthless effort to cut costs without any realization of what it could do to capabilities...." Its leaders outsourced work, sold off whole divisions and discarded key capabilities such as developing avionics, machining parts and building fuselages. On the 787, they even outsourced the jet's wings to Japan. They moved work away from Boeing's highly skilled, unionized base in the Puget Sound region. They weakened unions and extorted state government with repeated threats to build future airplanes elsewhere. They squeezed suppliers by demanding price cuts every year that in turn forced the suppliers into ruinous cost-cutting and left them vulnerable to collapse during shocks like the COVID-19 pandemic....

Belatedly, Boeing's current leaders, overwhelmed by criticism, mockery and outrage since January, have finally admitted publicly that some key strategies they pursued for decades were flawed. "Boeing, more than 20 years ago, probably got a little too far ahead of itself on the topic of outsourcing," Chief Financial Officer Brian West said last month. And in January, on CNBC, Boeing Chief Executive Dave Calhoun conceded: "Did it go too far? Yeah, probably did."

Both were speaking about major supplier Spirit AeroSystems of Wichita, Kan., part of Boeing until it was sold off two decades ago, part of a broad divestment of assets to please Wall Street and boost the stock. Following a litany of quality lapses in Wichita, Boeing is now admitting a mistake and trying to buy Spirit back — "for safety and for quality," said West. Another mistake belatedly recognized: With annual bonuses for Boeing's factory managers based largely on meeting cost and schedule targets, it was long a cardinal sin to stop the assembly line. That meant unfinished jobs piled up on aircraft as they moved forward down the line, what Boeing calls "traveled work." Done out of sequence, this work is more difficult and takes much longer. If too much traveled work piles up, it creates chaos. That's what happened in Renton on the 737 assembly line. "For years, we prioritized the movement of the airplane through the factory over getting it done right, and that's got to change," West said. "Once you reduce traveled work, your quality gets better...."

Speaking of how Spirit might be fixed, West said: "It's really about focus and running it, not as a business, as a factory. Run it as a factory and stay focused on safety and quality and stability."

Phil Chandler, a highly skilled Boeing machinist for more than 42 years (retiring in 2020), saw a "dictatorial" approach on the factory floor, according to the article. "Whereas in the past, first-level and even second-level managers in the factory had come up through the ranks as mechanics and had deep knowledge of the work, after [Boeing president Harry] Stonecipher came in those jobs shifted to white-collar people with degrees, often with MBAs."

And a former Boeing physicist also complains about the "shoot-the-messenger" management approach when developing their 787, according to the article: "Engineers who raised technical doubts were told: 'Follow the plan. If you can't do your job, I'll fire you and get someone who can.'"

Security

NIST Blames 'Growing Backlog of Vulnerabilities' Requiring Analysis on Lack of Support (infosecurity-magazine.com) 22

It's the world's most widely used vulnerability database, reports SC Magazine, offering standards-based data on CVSS severity scores, impacted software and platforms, contributing weaknesses, and links to patches and additional resources.

But "there is a growing backlog of vulnerabilities" submitted to America's National Vulnerability Database and "requiring analysis", according to a new announcement from the U.S. Commerce Department's National Institute of Standards. "This is based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support." From SC Magazine: According to NIST's website, the institute analyzed only 199 of 3370 CVEs it received last month. [And this month another 677 came in — of which 24 have been analyzed.]

Other than a short notice advising it was working to establish a new consortium to improve the NVD, NIST had not provided a public explanation for the problems prior to a statement published [April 2]... "Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well."

NIST, which had its budget cut by almost 12% this year by lawmakers, said it was committed to continuing to support and manage the NVD, which it described as "a key piece of the nation's cybersecurity infrastructure... We are also looking into longer-term solutions to this challenge, including the establishment of a consortium of industry, government and other stakeholder organizations that can collaborate on research to improve the NVD," the statement said. "We will provide more information as these plans develop..."

A group of cybersecurity professionals have signed an open letter to Congress and Commerce Secretary Gina Raimondo in which they say the enrichment issue is the result of a recent 20% cut in NVD funding.

The article also cites remarks from NVD program manager Tanya Brewer (reported by Infosecurity Magazine) from last week's VulnCon conference on plans to establish an NVD consortium. "We're not going to shut down the NVD; we're in the process of fixing the current problem. And then, we're going to make the NVD robust again and we'll make it grow."

Thanks to Slashdot reader spatwei for sharing the article.
