An anonymous reader quotes a report from Motherboard: One of the United States' first major forays into lithium mining seems like it's going to be in the Salton Sea -- one of the most polluted places in the country -- after General Motors struck a deal with a mining company called Controlled Thermal Resources. This is a big, and potentially very complicated, deal for anyone who cares about the planet. Many experts believe that in order to have any hope of staving off climate change, we have to electrify cars and essentially everything else as soon as possible (ideally, yesterday). Lithium-ion batteries are key to this process, and global demand is expected to increase between 5 and 18 times over the next several years. Put simply, we will need a lot of lithium, and the overwhelming majority of lithium in today's batteries comes from Australia, Chile, China, and Argentina. But the American southwest has huge stores of lithium as well.

General Motors is hoping that a CTR mine in the Salton Sea can supply "a significant portion" of the lithium needed for its electric cars. It's a step toward GM's first-in-the-nation commitment to phasing gasoline-powered cars out of its production line by 2035 -- CTR is slated to start delivering lithium to the company by 2024, at which point the company will be well-poised to achieve this goal.

This is, potentially, a very good thing. But it's also complicated: Mining, broadly speaking, is environmentally destructive. Lithium mining is usually -- but not always -- less destructive than, say, strip mining. And the Salton Sea, an accidental reservoir near California vacation mainstays like Joshua Tree and Palm Springs, is one of the most polluted places on the planet due to decades of agricultural runoff. Environmentalists there worry that if the lake continues to dry up, toxic dust on its floor could go airborne and pollute the air between Phoenix and Los Angeles. The lake is understood to hold one of the nation's largest lithium brine stores, capable of supplying up to 40 percent of global demand for the mineral, according to the California Energy Commission (CEC). CTR claims its production process is self-contained and environmentally sound, as it plans to use renewable energy to extract the mineral.

"But to community members around the proposed mines, ramping up lithium extraction feels complicated," reports Motherboard. "Chemicals like arsenic, selenium, and pesticides are rampant in the lake's waters, and their particles have been released into the atmosphere as it dries, which is happening at an increasing rate as drought grips the west coast. [...] So, ramping up mining in one of the state's most polluted counties -- where 85 percent of residents are Hispanic or Latino and 22 percent live under the poverty line -- feels risky to environmental justice organizers like Miguel Hernandez, communications coordinator at Comite Civico del Valle. Hernandez hopes to see producers and local legislators make an effort to inform residents about the possible, yet-mostly-unknown health effects of lithium mining, which is water-intensive and produces a fair amount of mineral waste."

The Federal Communications Commission broadband standard that was implemented under then-Chairman Tom Wheeler in 2015 and never updated by Ajit Pai is now "likely too slow," according to a government report issued last week. From a report: The Wheeler-led FCC in January 2015 updated the agency's broadband standard from 4Mbps downstream and 1Mbps upstream to 25Mbps downloads/3Mbps uploads. The increase was opposed by broadband-industry lobbyists and Republicans, including Ajit Pai, who was then a commissioner and later served as FCC chairman throughout the Trump administration. Pai never updated the 25Mbps/3Mbps standard in his four years as chair. In his last annual broadband-deployment report issued in January 2021, Pai concluded that "fixed services with speeds of 25/3Mbps continue to meet the statutory definition of advanced telecommunications capability."

Amazon.com has won U.S. permission to use radar to monitor consumers' sleep habits. From a report: The Federal Communications Commission on Friday granted Amazon.com Inc. approval to use a radar sensor to sense motion and "enable contactless sleep tracing functionalities." Amazon on June 22 asked the FCC, which regulates airwave uses, for permission to market a device that uses radar. The technology captures movement in three dimensions, enabling a user to control its features through simple gestures and movements, the company said in a filing. The capability, according to Amazon, could help people with "with mobility, speech, or tactile impairments," and it could monitor sleep with a high degree of precision.

President Biden is signing an executive order Friday urging federal agencies to more aggressively police conduct by Big Tech -- including to more closely review acquisitions that thwart competition. The action comes amid a growing backlash by lawmakers and regulators against massive Silicon Valley firms. From a report: Biden's order doesn't name the likes of Google, Facebook, Amazon or Apple but the White House says it addresses "areas in which dominant tech firms are undermining competition and reducing innovation," including M&A, data collection and the "right to repair" devices. The order, "Promoting Competition in the American Economy," isn't just aimed at Big Tech. The sweeping set of recommendations also includes provisions targeted at internet service providers -- including an official call to restore net neutrality rules repealed under Trump -- as well as healthcare, agriculture, transportation, and banking and consumer finance. All told, Biden's executive order includes 72 initiatives directed at more than a dozen federal agencies to "promptly tackle some of the most pressing competition problems across our economy," according to a White House press release.

Motherboard bought an FBI "Anom" phone that the agency secretly sells to criminals to monitor their communications. Joseph Cox reports: The sleek, black phone seems perfectly normal. Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings. Clicking the calculator doesn't open a calculator -- it opens a login screen.

"Enter Anom ID" and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation's success, but have provided few details on how the phones actually functioned.

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app. When booting up the phone, it displays a logo for an operating system called "ArcaneOS." Very little information is publicly available on ArcaneOS. It's this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn't work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries.

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.

"A federal judge on Wednesday blocked for the time being a new Florida law that sought to punish large social media businesses like Facebook and Twitter if they remove content or ban politicians," reports the Associated Press: U.S. District Judge Robert Hinkle granted a preliminary injunction stopping the new law from being enforced. The law — which was supposed to take effect on Thursday — enabled the state to fine large social media companies $250,000 a day if they remove an account of a statewide political candidate, and $25,000 a day if they remove an account of someone running for a local office. The legislation was challenged in federal court in Tallahassee by NetChoice, a lobbying firm that represents Twitter, Facebook and other online companies, and the Computer and Communications Industry Association. Both said the new law was unconstitutional and violated federal law.

The plaintiffs were likely to prevail on their claim that the new law violated the First Amendment if the case went to trial, the judge said.

Hinkle said the new law was aimed at only large social media businesses, not smaller ones that provide the same services, and made exceptions for Disney and their apps by including that theme park owners wouldn't be subject to the law.
The judge also argued that the law "compels providers to host speech that violates their standards."

Earlier today at around 11:45 AM EDT, Virgin Orbit successfully launched its first commercial satellites from their LauncherOne rocket, which blasted off from beneath the wing of a Boeing 747. TechCrunch reports: On board, Virgin Orbit carried seven payloads, including the first-ever defense satellite for the Netherlands, as well as cubsats developed by the U.S. Department of Defense for its Rapid Agile Launch initiative. The initiative is seeking to test the viability of flying small spacecraft to space on relatively short notice on launch platforms with increased flexibility, which Virgin Orbit's provides thanks to its ability to take off horizontally from more or less conventional runways. Virgin Orbit also carried two Earth observation satellites for Polish startup SatRevolution, and it will be delivering more in future flights to help build out that company's planned 14-spacecraft constellation.

In January, Virgin Orbit completed its final demonstration mission, reaching orbit for the first time with LauncherOne. That paved the way for this mission, and the company plans to increase the pace and frequency of its commercial missions, with at least one more planned tentatively for later this year and many more in 2022. In terms of payload capacity, Virgin Orbit's Launcher One can carry around 1,100 pounds to low Earth orbit, which compares favorably with the capacity of Rocket Lab's Electron, which can carry around 661 pounds to the same destination.

Elon Musk said on Tuesday that total investments in Starlink would reach between $5 billion and $10 billion before the satellite internet venture achieves positive cash flow. From a report: Over the lifetime of the project, total investments could run to $20-$30 billion, the Tesla CEO told the Mobile World Congress in Barcelona. "It's a lot, basically," Musk said in a video interview from California.

The Houston Chronicle reports: The Texas Supreme Court ruled Friday in a Houston case that Facebook is not a "lawless no-man's-land" and can be held liable for the conduct of pimps who use its technology to recruit and prey on children.

The ruling came in a trio of Houston civil actions involving teenage trafficking victims who met their abusive pimps through Facebook's messaging functions. They sued the California-based social media juggernaut for negligence and product liability, saying that Facebook failed to warn about or attempt to prevent sex trafficking from taking place on its internet platforms. The suits also alleged that Facebook benefited from the sexual exploitation of trafficking victims. The justices said trafficking victims can move forward with lawsuits on the grounds that Facebook violated a provision of the Texas Civil Practice and Remedies Code passed in 2009.

Facebook lawyers argued the company was shielded from liability under Section 230 of the federal Communications Decency Act, which states that what users say or write online is not akin to a publisher conveying the same message. Essentially, they said, Facebook is immune to these types of lawsuits. The majority wrote, "We do not understand Section 230 to 'create a lawless no-man's-land on the Internet' in which states are powerless to impose liability on websites that knowingly or intentionally participate in the evil of online human trafficking... Holding internet platforms accountable for the words or actions of their users is one thing, and the federal precedent uniformly dictates that Section 230 does not allow it," the opinion said. "Holding internet platforms accountable for their own misdeeds is quite another thing. This is particularly the case for human trafficking."

The justices explained that Congress recently amended Section 230 to add the possibility of civil liability for websites that violate state and federal human-trafficking laws. They said under the amended law states may protect residents from internet companies that knowingly or intentionally participate in human trafficking through their action or inaction..... Annie McAdams, a lead attorney for the plaintiffs, said it was a groundbreaking decision. This is the first case to beat Facebook on its argument that it had immunity under Section 230, she said.

An anonymous reader quotes a report from Reuters: Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft. Microsoft said it had warned the affected customers. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," the warning reads in part. The U.S. government has publicly attributed the earlier attacks to the Russian government, which denies involvement.

After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers. The agent could see billing contact information and what services the customers pay for, among other things. "The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said. Microsoft warned affected customers to be careful about communications to their billing contacts and consider changing those usernames and email addresses, as well as barring old usernames from logging in. Microsoft said it was aware of three entities that had been compromised in the phishing campaign. It did not immediately clarify whether any had been among those whose data was viewed through the support agent, or if the agent had been tricked by the broader campaign. Microsoft did not say whether the agent was at a contractor or a direct employee.

An anonymous reader quotes a report from Ars Technica: For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs -- along with a wide variety of point-of-sale terminals -- in a new way: with a wave of his phone over a contactless credit card reader. Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader -- rather than swipe or insert it -- to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems' firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash -- though that "jackpotting" hack only works in combination with additional bugs he says he has found in the ATMs' software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors. "You can modify the firmware and change the price to one dollar, for instance, even when the screen shows that you're paying 50 dollars. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here," says Rodriguez of the point-of-sale attacks he discovered. "If you chain the attack and also send a special payload to an ATM's computer, you can jackpot the ATM -- like cash out, just by tapping your phone."

Rodriguez says he alerted the affected vendors -- which include ID Tech, Ingenico, Verifone, Crane Payment Innovations, BBPOS, Nexgo, and the unnamed ATM vendor -- to his findings between seven months and a year ago. Even so, he warns that the sheer number of affected systems and the fact that many point-of-sale terminals and ATMs don't regularly receive software updates -- and in many cases require physical access to update -- mean that many of those devices likely remain vulnerable. "Patching so many hundreds of thousands of ATMs physically, it's something that would require a lot of time," Rodriguez says.

Amazon's cloud services giant Amazon Web Services (AWS) is getting into the encrypted messaging business. From a report: The company has just announced that it has acquired secure communications service Wickr -- a messaging app that has geared itself towards providing services to government and military groups and enterprises. It claims to be the only "collaboration service" that meets security criteria set out by the NSA. AWS will continue operating Wickr as is, and offer its services to AWS customers, "effective immediately," notes a blog post from Stephen Schmidt, the VP and CISO for AWS, announcing the news. Financial terms were not disclosed in the short announcement. Wickr had raised just under $60 million in funding according to PitchBook data (it also notes a valuation of under $30 million but that seems to be a very old estimate).

London Underground passengers will be able to get mobile coverage across the rail network by the end of 2024, it has been announced. MacRumors reports: In a press release, Transport for London (TfL) said the capital's Oxford Circus, Tottenham Court Road and Bank stations would be among the first fully connected stations by the end of the year, followed by Tottenham Court Road, Euston, and Camden Town by the end of 2022. Mobile reception was introduced on the eastern half of the Jubilee line in March last year. TfL says the additional infrastructure will support 5G as well as 4G, but that it will be the responsibility of mobile operators to offer support for the fastest network speeds.

TfL is partnering with BAI Communications (BAI), a global provider of 4G and 5G connected infrastructure, to plug so-called coverage "not-spots" in the underground network. The over 1,242 miles of fibre cabling installed in London Underground tunnels will also benefit above-ground coverage for buildings and other infrastructure by allowing more mobile transmitters to be installed.

Microsoft's market capitalization hit $2 trillion for the first time. GeekWire reports: The Redmond, Wash.-based tech giant trails only Apple among the world's most valuable companies. Apple became the first publicly traded U.S. company to reach the $2 trillion mark in August. Fellow Seattle-area giant Amazon, valued Tuesday at $1.77 trillion, is also approaching the $2 trillion club. Microsoft stock was up 1.1% Tuesday and is up more than 20% this year.

The company continues to see growing demand for its cloud services as the pandemic has accelerated technology adoption. It beat quarterly expectations with $41.7 billion in revenue for the March quarter, up 19% year-over-year -- its biggest revenue growth since 2018 -- and profits of $15.5 billion, up 44%. A Wedbush report last month projected more growth ahead for Microsoft, with Azure's cloud momentum "still in its early days" and the company "firmly positioned to gain more market share vs. AWS in this cloud arms race." Microsoft also continues to invest heavily in its gaming business; add new features to its Teams collaboration software; and is staying active in the M&A arena with its $19.7 billion acquisition of Nuance Communications and reported interest in Discord and Pinterest.

After six months of check-out and calibration in orbit, the Sentinel-6 Michael Freilich satellite will make its first two data streams available to the public on June 22. It launched from Vandenberg Air Force Base in California on Nov. 21, 2020, and is a U.S.-European collaboration to measure sea surface height and other key ocean features, such as ocean surface wind speed and wave height. Phys.Org reports: One of the sea surface height data streams that will be released is accurate to 2.3 inches (5.8 centimeters) and will be available within hours of when the instruments aboard Sentinel-6 Michael Freilich collect it. A second stream of data, accurate to 1.4 inches (3.5 centimeters), will be released two days after collection. The difference in when the products become available balances accuracy with delivery timeliness for tasks like forecasting the weather and helping to monitor the formation of hurricanes. More datasets, which will be accurate to about 1.2 inches (2.9 centimeters), are slated for distribution later this year and are intended for research activities and climate science including tracking global mean sea level rise.

The satellite, named after former NASA Earth Science Division Director Michael Freilich, collects its measurements for about 90% of the world's oceans. It is one of two satellites that compose the Copernicus Sentinel-6/Jason-CS (Continuity of Service) mission. The second satellite, Sentinel-6B, is slated for launch in 2025. Together, they are the latest in a series of spacecraft starting with TOPEX/Poseidon in 1992 and continuing with the Jason series of satellites that have been gathering precise ocean height measurements for nearly 30 years. Shortly after launch, Sentinel-6 Michael Freilich moved into position, trailing the current reference sea level satellite Jason-3 by 30 seconds. Scientists and engineers then spent time cross-calibrating the data collected by both satellites to ensure the continuity of measurements between the two. Once they have are assured of the data quality, Sentinel-6 Michael Freilich will then become the primary sea level satellite.

"Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones," reports CNET: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet. Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort.

Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages...

Google credits the Linux community programmers who began the Rust for Linux project. "The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system," Google said in a blog post...

[Rust] has been the most loved programming language for five years running in Stack Overflow's annual developer survey. "Rust represents the best alternative to C and C++ currently available," Microsoft's security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust's checks happen while software is being built, the safety doesn't come at the expense of performance when the software is running.

The goal of the Linux on Rust project isn't to replace all of Linux's C code but rather to improve selective and new parts.

The Biden administration Thursday unveiled a new mapping tool that shows much greater gaps in use of high-speed internet service across the U.S. than the government's previous maps reported. From a report: The White House is pushing for big spending to provide more, better broadband service to underserved areas after the pandemic made Americans more dependent than ever on their internet connections. The new, zoomable map draws on a wider pool of data than existing maps by the Federal Communications Commission, which relied exclusively on industry-provided data that overstated broadband penetration.

The map raises questions about the gap between internet availability and actual usage, with usage reports indicating wide swaths of the country are not making a home broadband connection. The new "Indicators of Broadband Need" map, developed by the White House and the telecommunications branch of the Commerce Department, pulls together different data sets from Ookla, M-Lab, Microsoft, the Federal Communications Commission and the Census Bureau. The overlapping data points are meant to paint a picture of the areas that need more, better broadband. The map also includes data on places that reported a lack of connection by computer, smartphone or tablet and information on broadband usage in high-poverty communities.

Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones. From a report: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet.

Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort. Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.

For three years until his departure this January, Simon McLaren served as the director of communications for Blade, the urban aviation startup that went public earlier this year at a valuation of more than $800 million. His work in that time was largely what you'd expect of a company spokesperson -- except for the fact that Simon McLaren doesn't actually exist. Business Insider reports: After Insider sought to verify McLaren's identity, Blade CEO Rob Wiesenthal admitted in an interview that McLaren was a made-up persona invented by him and his colleagues, and that Wiesenthal masqueraded as McLaren in telephone conversations with news outlets. The ruse lasted for years, duped numerous journalists, and included a puzzling public drama around McLaren's purported departure from Blade. None of it was real. Numerous news outlets quoted Simon McLaren as though he were a real spokesperson.

McLaren has no substantial online presence outside of a Blade email address, a Twitter account created last December, and a Medium profile created last November. His personal website, created this January, was registered through a proxy, and he uses a 1966 photo of British racing driver Graham Hill across his accounts in place of a profile picture. Still, McLaren has been treated as a real human by a variety of news outlets since his apparent debut in the pages of Vanity Fair in 2018. Serving as the institutional voice of Blade in stories about the company's compliance with federal regulations, medical supply shuttles, and negotiations with the town of East Hampton, McLaren has been quoted by the New York Times, the New York Post, Curbed, the Washington Post, Fox Business, and CNN.