The Linkielist

Linking ideas with the world

Microsoft Edge Accused of Sneakily Importing Firefox Data on Windows 10

In the case of Firefox users, some discovered that the new default Windows 10 browser, which is shipped to their devices via Windows Update, sometimes imports the data from Mozilla’s application even if they don’t give their permission.

Some of these Firefox users decided to kill the initial setup process of Microsoft Edge, only to discover that despite the wizard shutting down prematurely, the browser still copied data stored by Mozilla’s browser.

Several users confirmed on reddit that this behavior happened on their computers too.

Silent data importing

“Love rebooting my computer to get treated to a forced tour of a browser I’m not going to use that I have to force close through the task manager to escape, and then finding out it’s been copying over my data from Firefox without permission,” one user explains.

“Unless you close it via task manager instead of doing the forced setup, in which case it copies your data anyway, and the worst part is most people will never know what it’s doing because they’ll never open it again. I only reopened it because I noticed it automatically signed me into the browser as it was closing and wanted to sign out before not touching it again, at which point I discovered it had already copied my Firefox data over despite the fact I didn’t go through the setup process,” someone else explains.

Microsoft has remained tight-lipped on this, so for the time being, it’s still not known why Edge imports Firefox data even when the initial wizard is killed off manually by the user.

Users who don’t want to be offered the new Edge on Windows Update can turn to the dedicated toolkit that Microsoft released earlier this year, while removing the browser is possible by just uninstalling the update from the device.

Source: Microsoft Edge Accused of Sneakily Importing Firefox Data on Windows 10

Facebook Bans Sale of Historical Artifacts Due to Rampant Black Market Trade also from within conflict zones by terrorists

Facebook has finally said it would now prohibit the sale of all historical artifacts due to rampant black market trade in looted antiquities on the site, per the New York Times—a problem the social media company has known about for years.

The new rules ban any “attempts to buy, sell or trade in historical artifacts,” defined as “rare items of significant historical, cultural or scientific value,” on Facebook or Instagram. It also comes after years of Facebook doing very little to restrict trade in those same objects.

Reporting last month in the Times found at least 90 Facebook groups, mostly written in Arabic, with tens of thousands of members that were “connected to the illegal trade in Middle Eastern antiquities.” In those groups, salespeople would post images or descriptions of objects and often then direct interested buyers to contact them via chat or other services to arrange payment or meetings in person; in some cases, the buyers simply posted that they were interested in acquiring a specific type of artifact. Some of the groups also trafficked in do-it-yourself guides on how others could get into the black market antiquities trade.

Some of the items may have been originally acquired by Islamic State terrorists, who in addition to destroying thousands of years’ worth of artifacts and archaeological sites in regions under their control in Iraq, Syria, and Libya, looted those sites and other cultural institutions like museums for profit. Armed groups affiliated or working with other extremist groups and criminal organizations have participated as well. A United Nations Security Council report in January 2020 noted evidence of numerous excavations by Islamic State or al-Qaeda affiliates and concluded that social media groups “dedicated to antiquities trafficking continue to be created, while the area of origin of trafficked artefacts increases, continuously revealing a web of interconnectivity among antiquities traffickers.”

While in some cases looters and buyers used coded language to discuss the deals, Antiquities Trafficking and Heritage Anthropology Research Project (ATHAR) co-director Katie Paul told the Times, in other instances it was all playing out in the open, right down to photos and videos of the objects being stolen to prove they were genuine. Paul told Artnet News that the countries of origin are “places where no legal trade exists,” making the sales uniformly illegal.

The total number of groups identified by researchers and activists is at least 200, according to the Times, and those are just the ones that they have caught onto. ATHAR released a report in 2019 finding “488 individual admins managing a collective 1,947,195 members across 95 Facebook Groups” comprised of a “mix of average citizens, middlemen, and violent extremists,” with what appeared to be a high degree of coordination between the admins of those groups:

Group members include a mix of average citizens, middlemen, and violent extremists. Violent extremists currently include individuals associated with Syrian-based groups like Hay’at Tahrir Al Sham (HTS), Hurras Al-Din, the Zinki Brigade and other non-Syrian based Al-Qaeda or Islamic State in Iraq and Syria (ISIS) affiliates. All of these groups are using Facebook as a platform for antiquities trafficking, whether through direct interaction with buyers and sellers or through the use of middlemen who straddle transactions between the general public and terrorist groups.

Administrators usually demanded that the black market traders cough up fees from any sales related to their membership in groups, according to the report. Around 36 percent of the sellers in an ATHAR case study of Syrian groups were actually located in conflict zones, while another 44 percent were in countries bordering conflict zones.

ATHAR co-director and Shawnee State University professor Amr Al-Azm, who had previously worked in Syria as an antiquities official, told the Times artifacts were also flowing from Yemen, Egypt, and Tunisia and that Facebook could have taken action as early as 2014, when deleting the groups would have had a bigger impact. He added it was a “supply and demand issue” and that deleting Facebook pages instead of archiving evidence destroys “a huge corpus of evidence” that might later be used to track down artifacts.

A Facebook report released on Tuesday acknowledged the issue, conceding significant pitfalls in policies that allowed trade in historical artifacts except where “it is clear that the artifacts have been looted.” Key findings included that there is a “good chance that historical artifacts traded online are either illegal or fake, as an estimated 80% of antiquities have ‘sketchy provenances,’” as well as that there “is criticism that Facebook’s policy has led the platform to become a digital black market where users buy and sell illicit antiquities originating from conflict zones.”

Greg Mandel, a spokesperson for Facebook, told the Times that trade in “stolen artifacts” was already prohibited by site rules. (Paul and Al-Azm have disagreed that Facebook was actively enforcing those policies in the past, writing in 2018 that “Facebook does not currently enforce an explicit ban on transactions involving illicit cultural property.”)

“To keep these artifacts and our users safe, we’ve been working to expand our rules, and starting today, we now prohibit the exchange, sale or purchase of all historical artifacts on Facebook and Instagram,” Mandel added.

Paul told the Times the new policy is “an important shift in [Facebook’s] position on the trade in cultural heritage” and demonstrates they are aware of “illegal and harmful activity” on the site. But the policy is “only as good as its enforcement,” she added.

Source: Facebook Bans Sale of Historical Artifacts Due to Rampant Black Market Trade

Teaching physics to neural networks removes ‘chaos blindness’

A neural network can be trained to identify photos of dogs by sifting through a large number of photos, making a guess about whether the photo is of a dog, seeing how far off it is and then adjusting its weights and biases until they are closer to reality.

The drawback to this is something called “chaos blindness”—an inability to predict or respond to chaos in a system. Conventional AI is chaos blind. But researchers from NC State’s Nonlinear Artificial Intelligence Laboratory (NAIL) have found that incorporating a Hamiltonian function into neural networks better enables them to “see” chaos within a system and adapt accordingly.

Simply put, the Hamiltonian embodies the complete information about a dynamic physical system—the total amount of all the energies present, kinetic and potential. Picture a swinging pendulum, moving back and forth in space over time. Now look at a snapshot of that pendulum. The snapshot cannot tell you where that pendulum is in its arc or where it is going next. Conventional neural networks operate from a snapshot of the pendulum. Neural networks familiar with the Hamiltonian flow understand the entirety of the pendulum’s movement—where it is, where it will or could be, and the energies involved in its movement.

In a proof-of-concept project, the NAIL team incorporated Hamiltonian structure into neural networks, then applied them to a known model of stellar and molecular dynamics called the Hénon-Heiles model. The Hamiltonian neural network accurately predicted the dynamics of the system, even as it moved between order and chaos.

“The Hamiltonian is really the ‘special sauce’ that gives neural networks the ability to learn order and chaos,” says John Lindner, visiting researcher at NAIL, professor of physics at The College of Wooster and corresponding author of a paper describing the work. “With the Hamiltonian, the neural network understands underlying dynamics in a way that a conventional network cannot. This is a first step toward physics-savvy neural networks that could help us solve hard problems.”

Source: Teaching physics to neural networks removes ‘chaos blindness’

More information: Anshul Choudhary et al, Physics-enhanced neural networks learn order and chaos, Physical Review E (2020). DOI: 10.1103/PhysRevE.101.062207

Journal information: Physical Review E

Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public

Netgear has issued patches to squash security vulnerabilities in two router models that can be exploited to, for instance, open a superuser-level telnet backdoor.

Those two devices are the R6400v2 and R6700v3, and you can get hot-fixes for the holes here. However, some 77 models remain reportedly vulnerable, and no fixes are available. For the full list of Netgear SOHO products said to be at-risk, see the afore-linked page.

Exploit code, developed by infosec outfit Grimm, is available on GitHub for all the models said to be vulnerable: it opens a telnet daemon on port 8888, if successful. There are technical details here.

The bugs lie in the web-based control panel of the Linux-powered equipment. It can be hijacked by sending it specially crafted data, bypassing the password protection, via the local network, or the internet if it is exposed to the world, or by tricking a victim into opening a webpage that automatically connects to the device on the LAN. Once exploited, the device can be commanded to open a backdoor, change its DNS and DHCP settings to redirect users to phishing websites, and so on.

How we got to this situation is an interesting tale. In January, Trend Micro’s Zero-Day Initiative (ZDI) privately contacted Netgear on behalf of a security researcher, called d4rkn3ss, at the Vietnamese government’s national telecoms provider. The egghead had found a way into R6700 routers via a classic buffer overflow attack, and Netgear was informed of the weakness.

ZDI and Netgear eventually agreed on a deadline of June 15 to release any necessary security updates: on that day, ZDI would go public with details of the flaw. At the end of May, Netgear asked for an extension to the end of June. ZDI rejected the request, and on Monday, emitted its advisory.

“This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Netgear R6700 routers,” ZDI explained. “Authentication is not required to exploit this vulnerability.

“The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.”
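The flaw class ZDI describes, as an added example that is not Netgear's code and is not taken from either advisory: a constructed header parser that copies a value into a fixed-length stack buffer, first without and then with the length check. The `X-Demo` header, `FIELD_MAX` and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* size of the fixed-length stack buffer (constructed) */

enum { ERR_MISSING = -1, ERR_TOO_LONG = -2, ERR_MALFORMED = -3 };

/* Find header `name` (case-sensitive, for brevity) in a length-delimited
 * request. On success returns 0 and points *val at val_len value bytes. */
static int find_header(const char *req, size_t req_len, const char *name,
                       const char **val, size_t *val_len)
{
    size_t name_len = strlen(name);
    size_t pos = 0;

    while (pos < req_len) {
        const char *line = req + pos;
        const char *eol = memchr(line, '\n', req_len - pos);
        if (eol == NULL)
            return ERR_MALFORMED;            /* unterminated line: reject */
        size_t line_len = (size_t)(eol - line);
        if (line_len > 0 && line[line_len - 1] == '\r')
            line_len--;                      /* strip the CR of CRLF */

        if (line_len > name_len && memcmp(line, name, name_len) == 0 &&
            line[name_len] == ':') {
            size_t off = name_len + 1;
            while (off < line_len && line[off] == ' ')
                off++;                       /* skip spaces after the colon */
            *val = line + off;
            *val_len = line_len - off;
            return 0;
        }
        pos = (size_t)(eol - req) + 1;
    }
    return ERR_MISSING;
}

/* BEFORE: the length of the user-supplied value is never compared with the
 * buffer size, so a long value is written past `field` on the stack. */
int store_field_unchecked(const char *req, size_t req_len, const char *name)
{
    char field[FIELD_MAX];
    const char *val;
    size_t val_len;
    int rc = find_header(req, req_len, name, &val, &val_len);
    if (rc != 0)
        return rc;
    memcpy(field, val, val_len);             /* BUG: val_len may exceed FIELD_MAX */
    field[val_len] = '\0';
    return (int)strlen(field);
}

/* AFTER: validate the length before copying and reject oversize input. */
int store_field_checked(const char *req, size_t req_len, const char *name)
{
    char field[FIELD_MAX];
    const char *val;
    size_t val_len;
    int rc = find_header(req, req_len, name, &val, &val_len);
    if (rc != 0)
        return rc;
    if (val_len >= sizeof field)             /* keep one byte for the NUL */
        return ERR_TOO_LONG;
    if (memchr(val, '\0', val_len) != NULL)
        return ERR_MALFORMED;                /* embedded NUL would truncate */
    memcpy(field, val, val_len);
    field[val_len] = '\0';
    return (int)strlen(field);
}

/* Build a constructed request whose `name` header holds value_len 'A' bytes.
 * Returns the request length, or 0 if it does not fit in buf. */
size_t build_request(char *buf, size_t cap, const char *name, size_t value_len)
{
    int n = snprintf(buf, cap,
                     "GET / HTTP/1.1\r\nHost: router.example\r\n%s: ", name);
    if (n < 0 || (size_t)n + value_len + 4 >= cap)
        return 0;
    memset(buf + n, 'A', value_len);
    memcpy(buf + n + value_len, "\r\n\r\n", 4);
    return (size_t)n + value_len + 4;
}

int main(void)
{
    char req[512];
    size_t n = build_request(req, sizeof req, "X-Demo", 10);
    printf("10-byte value, unchecked: %d\n", store_field_unchecked(req, n, "X-Demo"));
    printf("10-byte value, checked:   %d\n", store_field_checked(req, n, "X-Demo"));
    n = build_request(req, sizeof req, "X-Demo", 300);  /* oversize value */
    printf("300-byte value, checked:  %d\n", store_field_checked(req, n, "X-Demo"));
    return 0;
}
```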

Speaking to The Register, ZDI senior manager of vulnerability analysis Abdul-Aziz Hariri said: “Since authentication is not required to reach this bug, anyone who can connect to the local network of the router would be capable of exploiting this vulnerability. Since it’s remote code execution, you can completely take over the router.

“In most scenarios, the attacker would be able to possibly upload a custom backdoor software and establish persistence or launch further attacks, like man-in-the-middle attacks.”

While ZDI waited for Netgear to release its patches, Grimm privately reported to Netgear in May it had found the same security hole in a bunch of the manufacturer’s products. When ZDI went public, so did Grimm: publishing an in-depth advisory showing how to exploit the holes, and releasing full, working proof-of-concept exploit code.

Three days later, Netgear released the aforementioned hot-fixes for two of the models. “We have already provided hot fixes for the R7000 and the R6700. The rest are forthcoming,” the router-maker told The Register on Thursday.

The Grimm team noted that Netgear’s firmware lacked basic protections, such as ASLR for its programs, which makes the bugs in the equipment easy to exploit.

Source: Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public • The Register

And this is why responsible disclosure is a good idea.

Massive spying on users of Google’s Chrome shows new security weakness

A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.

Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.

[…]

Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.

Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and chief scientist Gary Golomb.

Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.

It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.

“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.

The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said.

If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.

After this story’s publication, Awake released its research, including the list of domains and extensions.

All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd.

Awake said Galcomm should have known what was happening.

In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

[…]

Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was deemed malicious, Google said in 2018 it would improve security, in part by increasing human review.

But in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.

Source: Exclusive: Massive spying on users of Google’s Chrome shows new security weakness – Reuters

Google isn’t even trying to not be creepy: ‘Continuous Match Mode’ in Assistant will listen to everything until it’s disabled

Google has introduced “continuous match mode” for apps on its voice-powered Assistant platform, where it will listen to everything without pausing. At the same time it has debuted related developer tools, new features, and the ability to display web content on its Smart Display hardware using the AMP component framework.

The Chocolate Factory has big plans for its voice assistant. “We consider voice to be the biggest paradigm shift around us,” said director of product Baris Gultekin, speaking at the Voice Global summit, where the new features were introduced.

The goal is “ambient computing”, where you can interact with the big G anywhere at any time, so pervasively that you do not notice it. Voice interaction is a key part of this since it extends the ability to perform searches or run applications to scenarios where tapping a keyboard or touching a display are not possible.

Google Assistant exists in many guises such as on smartphones and watches, TVs, PCs, and also on dedicated hardware, such as the voice-only Google Home and Google Home Mini, or with “smart display” screens on the Google Nest Hub or devices from Lenovo and Harman. While assistant devices have been popular, Android phones (which nag you to set up the Assistant) must form the largest subset of users. Over all the device types, the company claims over 500 million active users.

[…]

Actions Builder will “replace DialogFlow as the preferred way to develop actions on the assistant,” said Shodjai.

Google’s new Action Builder at work

Trying out the new Action Builder, we discovered that running an action under development is impossible if you have the Web and App Activity permission, which lets Google keep a record of your actions, disabled. A dialog appears prompting you to enable it. It is a reminder of how Google Assistant is entwined with the notion that you give Google your data in return for personalised experiences.

[…]

“Sometimes you want to build experiences that enable the mic to remain open, to enable users to speak more naturally with your action, without waiting for a change in mic states,” said Shodjai at the summit and in the developer post.

“Today we are announcing an early access program for Continuous Match Mode, which allows the assistant to respond immediately to user’s speech enabling more natural and fluid experiences. This is done transparently, so that before the mic opens the assistant will announce, ‘the mic will stay open temporarily’, so users know they can now speak freely without waiting for additional prompts.”

The mode is not yet publicly documented. The demonstrated example was for a game with jolly cartoon pictures; but there may be privacy implications since in effect this setting lets the action continue to listen to everything while the mode is active.

Shodjai did not explain how users will end a Continuous Match Mode session but presumably this will be either after a developer-defined exit intent, or via a system intent as with existing actions. Until that happens, the action will be able to keep running.

Just as with personalisation via tracking and data collection, privacy and pervasive computing do not sit comfortably together, and with the new Continuous Match Mode a little more privacy slips away.

Source: Google isn’t even trying to not be creepy: ‘Continuous Match Mode’ in Assistant will listen to everything until it’s disabled • The Register

Groundbreaking Technology Allows 3D Tissues To Be Printed Directly Into Human Body

LOS ANGELES — The world of 3D printing has come so far that scientists can actually produce biological products like bone, skin and blood vessels. Of course, there are numerous safety risks involved in using 3D-printed body parts in human patients. There is progress on that front, though. Scientists have developed a method for printing body parts that will make procedures involving 3D-printed tissues much safer.

Typically, when scientists print tissues, they transplant them into their patients after being printed. Thanks to a research team led by researchers at the Terasaki Institute, tissues can now be printed directly into a patient’s body.

[…]

“This bio-ink formulation is 3D printable at physiological temperature, and can be crosslinked safely using visible light inside the body,” says first author Ali Asghari Adib, Ph.D, in a media release.

Like squeezing icing onto a cake

Researchers also created a groundbreaking 3D-printing nozzle and an “interlocking” printing technique to use with their bio-ink. Bio-ink can be squeezed through the nozzle of the printer like cake icing is squeezed through a tube. The nozzle also punctures the tissue it’s about to print on so some bio-ink can fill the gaps the nozzle created and serve as an anchor for the 3D-printed tissue.

“The interlocking mechanism enables stronger attachments of the scaffolds to the soft tissue substrate inside the patient body,” adds Asghari Adib.

Source: Groundbreaking Technology Allows 3D Tissues To Be Printed Directly Into Human Body – Study Finds

New Technique Allows 3D Printing of Flexible Materials using droplets

Engineers at the University of California, Davis, have developed a new approach to 3D printing that allows printing of finely tuned flexible materials. By using a droplet-based, multiphase microfluidic system, the team was able to efficiently print materials with potential applications in soft robotics, tissue engineering and wearable technology. The work is published June 15 in the Proceedings of the National Academy of Sciences.

In traditional extrusion-based 3D printers, printing material is pushed through a nozzle and added to the structure repeatedly until the product is complete. While this is efficient and cost-effective, it makes it hard to print structures made of more than one material, and getting the right amount of softness can be challenging.

Jiandi Wan, assistant professor of chemical engineering at UC Davis, noticed that this nozzle was similar to the glass capillary microfluidic devices that his lab studies. These devices have multiple nozzles placed inside of each other.

“Most extrusion-based 3D printers use very simple nozzles and since we had already developed these glass microfluidics, we thought, ‘why not apply it to 3D printing?’” said Wan.

Wan, UC Davis graduate student Hing Jii Mea and Luis Delgadillo, University of Rochester, developed a device that uses a multiphase drip system to encapsulate droplets of a water-based solution containing polyethylene glycol diacrylate, or PEGDA, inside of a common silicon-based organic polymer called polydimethylsiloxane, or PDMS. The PDMS flows around a dripper, which makes tiny droplets of the PEGDA that it evenly inserts into the PDMS as both materials flow onto the structure that’s being printed.

The resulting structure looks like a Pac-Man maze, with little dots of PEGDA droplets surrounded by PDMS. Once the PEGDA diffuses out of the droplets, it chemically softens the PDMS, making the structure more flexible.

“You can also encapsulate other chemicals in the droplets to make the overall matrix much softer or harder,” Wan said.

Structure flexibility can be tuned

The team also showed that droplet-based 3D printing can be used to produce flexible porous objects, and constructs with encapsulated polymer particles and metal droplets. In addition, structure flexibility can be easily tuned by changing the droplet size and flow rate. This gives researchers a wide range of options to truly design their structure and vary flexibility to fit their needs in a way that’s difficult with the conventional nozzle-based method.

Though microfluidic-based 3D printing has been done before, Wan’s group is the first to use this droplet-based multiphase emulsion approach. The team is already looking into potential applications and learning what other combinations of materials they can use to change the mechanical or chemical properties of 3D printed products. They think the work could have applications in bioprinting and wearable electronics, like smart fabrics.

“I think this will open a new area of research, since applying the established microfluidics technology to 3D printing represents a new direction to go,” he said.

Source: New Technique Allows 3D Printing of Flexible Materials | UC Davis

3d Printing tissue inside the body

Abstract

We develop and characterize a biomaterial formulation and robotic methods tailored for intracorporeal tissue engineering (TE) via direct-write (DW) 3D printing. Intracorporeal TE is defined as the biofabrication of 3D TE scaffolds inside of a living patient, in a minimally invasive manner. A biomaterial for intracorporeal TE requires to be 3D printable and crosslinkable via mechanisms that are safe to native tissues and feasible at physiological temperature (37 °C). The cell-laden biomaterial (bioink) preparation and bioprinting methods must support cell viability. Additionally, the biomaterial and bioprinting method must enable the spatially accurate intracorporeal 3D delivery of the biomaterial, and the biomaterial must adhere to or integrate into the native tissue. Current biomaterial formulations do not meet all the presumed intracorporeal DW TE requirements. We demonstrate that a specific formulation of gelatin methacryloyl (GelMA)/Laponite®/methylcellulose (GLM) biomaterial system can be 3D printed at physiological temperature and crosslinked using visible light to construct 3D TE scaffolds with clinically relevant dimensions and consistent structures. Cell viability of 71-77% and consistent mechanical properties over 21 days are reported. Rheological modifiers, Laponite® and methylcellulose, extend the degradation time of the scaffolds. The DW modality enables the piercing of the soft tissue and over-extrusion of the biomaterial into the tissue, creating a novel interlocking mechanism with soft, hydrated native tissue mimics and animal muscle with a 3.5-4 fold increase in the biomaterial/tissue adhesion strength compared to printing on top of the tissue. The developed GLM biomaterial and robotic interlocking mechanism pave the way towards intracorporeal TE.

Source: Direct-write 3D printing and characterization of a GelMA-based biomaterial for intracorporeal tissue engineering – IOPscience

Zoom will offer proper end-to-end encryption to free vid-chat accounts – not just paid-up bods – once you verify your phone number…

Zoom today said it will make end-to-end (E2E) encryption available to all of its users, regardless of whether they pay for it or not.

The videoconferencing overnight-sensation has walked back its initial plan to limit E2E cryptography to schools and paid-for accounts, after facing a storm of criticism for the restriction. It will, from next month, offer strong E2E encryption (E2EE) as a beta to any free account holder willing to hand over their contact number, as well as offering it to enterprise customers. We note that Google Meet and other rival services do not offer E2EE.

“Today, Zoom released an updated E2EE design on GitHub,” Zoom CEO Eric Yuan said. “We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform.

“This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform.”

It should be noted that Zoom already encrypts calls in transit with AES-256-GCM cryptography, but that isn’t truly end-to-end: E2EE ensures only the meeting participants, and no one else, can encrypt and decrypt the video, voice, and other data flowing between them during a confab. Zoom points out that this encryption won’t work on PSTN phone lines. This also excludes SIP/H.323 commercial conferencing gear.

Earlier this year, Yuan argued that Zoom couldn’t protect free calls with E2EE because to do so would thwart important law enforcement operations.

“Free users, for sure, we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan told analysts back in April.

In May, Zoom asked for help from digital rights groups who, apparently, told them to stop messing about and give people encrypted calls, law enforcement concerns be damned.

“Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature,” Yuan said today.

To satisfy the legal issues and requirements, Zoom is asking users to verify their phone numbers by entering a single-use code delivered via text message. “Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts,” Yuan said. “We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”

Needless to say, Zoom has taken no shortage of heat for its handling of security issues since the coronavirus lockdown made the service a household name and brought the upstart under scrutiny.

In response, Zoom moved to bring in the likes of ex-Yahoo! and Facebook CSO Alex Stamos and Luta Security and its founder Katie Moussouris to get its protections up to snuff.

Source: Zoom will offer proper end-to-end encryption to free vid-chat accounts – not just paid-up bods – once you verify your phone number… • The Register

Steris, Medical Device Maker Threatens iFixit Over Ventilator Repair Project, publishing manuals

A popular website with a comprehensive database of repair manuals for ventilators and other medical devices has received a letter from a medical equipment company saying that its copyrights are being infringed.

Kyle Wiens, CEO of the repair website iFixit—which posts guides on how to repair anything from sewing machines to video game consoles—shared the letter on Twitter Thursday, sent to him by counsel for Steris Corporation, which makes sterilization and other medical equipment.

“It has come to my attention that you have been reproducing certain installation and maintenance manuals relating to our products, documentation which is protected by copyright law,” the letter said. The letter then went on to tell Wiens to remove all Steris copyrighted material from the iFixit website within 10 days of the letter.

As Motherboard reported in March, major manufacturers of medical devices have long made it difficult for their devices to be repaired through third party repair professionals. Manufacturers have often lobbied against right to repair legislation and many medical devices are controlled by artificial “software locks” that allow only those with authorization to make modifications.

As reported by VICE News last week, a repair technician contracted to repair ventilators for hospitals preparing for COVID-19 said he has struggled to get repair parts or manuals from manufacturers when he has made requests to them.

“I’m disappointed that Steris is resorting to legal threats to stop hospitals from having access to information about how to maintain critical sterilization equipment during a pandemic,” Wiens told Motherboard in an email.

Wiens said he got the idea to post service manuals for medical equipment on iFixit when he began seeing stories about ventilator shortages in Italy. When he saw how some people were using 3-D printers to create ventilator replacement valves, he said he was inspired to create the database of medical equipment guides as a way to help.

“No manufacturer should be stopping hospitals from repairing their equipment,” Wiens said. “The best way to ensure patient safety is to make sure that equipment is being maintained regularly using the manufacturer’s recommended procedures. The only way to do that is if hospitals have up to date manuals.”

With regards to the letter sent by Steris, Wiens said iFixit has not removed any material from its website.

“We explained to Steris that what we did is a lawful and protected fair use under the U.S. Copyright act,” Wiens said.

“iFixit is protected by Section 512 of the Digital Millennium Copyright Act, which allows online platforms to host content contributed by users provided they comply with the Act’s requirements, which iFixit does,” a letter to Steris from the Electronic Frontier Foundation on behalf of iFixit said.

Source: A Medical Device Maker Threatens iFixit Over Ventilator Repair Project – VICE

Researchers taught a robot to suture by showing it surgery videos

Stitching a patient back together after surgery is a vital but monotonous task for medics, often requiring them to repeat the same simple movements over and over hundreds of times. But thanks to a collaborative effort between Intel and the University of California, Berkeley, tomorrow’s surgeons could offload that grunt work to robots — like a macro, but for automated suturing.

The UC Berkeley team, led by Dr. Ajay Tanwani, has developed a semi-supervised AI deep-learning system, dubbed Motion2Vec. This system is designed to watch publicly available surgical videos performed by actual doctors, break down the medic’s movements when suturing (needle insertion, extraction and hand-off) and then mimic them with a high degree of accuracy.

“There’s a lot of appeal in learning from visual observations, compared to traditional interfaces for learning in a static way or learning from [mimicking] trajectories, because of the huge amount of information content available in existing videos,” Tanwani told Engadget. When it comes to teaching robots, a picture, apparently, is worth a thousand words.

“YouTube gets 500 hours of new material every minute. It’s an incredible repository, dataset,” Dr. Ken Goldberg, who runs the UC Berkeley lab and advised Tanwani’s team on this study, added. “Any human can watch almost any one of those videos and make sense of it, but a robot currently cannot — they just see it as a stream of pixels. So the goal of this work is to try and make sense of those pixels. That is to look at the video, analyze it, and… be able to segment the videos into meaningful sequences.”

To do this, the team leveraged a siamese network to train its AI. Siamese networks are built to learn the distance functions from unsupervised or weakly-supervised data, Tanwani explained. “The idea here is that you want to produce the high amount of data that is in recombinant videos and compress it into a low dimensional manifold,” he said. “Siamese networks are used to learn the distance functions within this manifold.”

Basically, these networks can rank the degree of similarity between two inputs, which is why they’re often used for image recognition tasks like matching surveillance footage of a person with their drivers license photo. In this case, however, the team is using the network to match the video input of what the manipulator arms are doing with the existing video of a human doctor making the same motions. The goal here being to raise the robot’s performance to near-human levels.

And since the system relies on a semi-supervised learning structure, the team needed just 78 videos from the JIGSAWS database to train their AI to perform its task with 85.5 percent segmentation accuracy and an average 0.94 centimeter error in targeting accuracy.

It’s going to be years before these sorts of technologies make their way to actual operating theaters but Tanwani believes that once they do, surgical AIs will act much like Driver Assist does on today’s semi-autonomous cars. They won’t replace human surgeons so much as augment their performance by taking over low-level, repetitive tasks. The Motion2Vec system isn’t just for suturing. Given proper training data, the AI could eventually be tasked with any of a number of duties, such as debridement (picking dead flesh and debris from a wound), but don’t expect it to perform your next appendectomy.

“We’re not there yet, but what we’re moving towards is the ability for a surgeon, who would be watching the system, indicate where they want a row of sutures, convey that they want six overhand sutures,” Goldberg said. “Then the robot would essentially start doing that and the surgeon would… be able to relax a little bit so that they could then be more rested and able to focus on more complex or nuanced parts of the surgery.”

“We believe that would help the surgeons productively focus their time in performing more complicated tasks,” Tanwani added, “and use technology to assist them in taking care of the mundane routine.”

Source: Researchers taught a robot to suture by showing it surgery videos | Engadget

‘DeepFaceDrawing’ AI can turn simple sketches into detailed photo portraits

Researchers have found a way to turn simple line drawings into photo-realistic facial images. Developed by a team at the Chinese Academy of Sciences in Beijing, DeepFaceDrawing uses artificial intelligence to help “users with little training in drawing to produce high-quality images from rough or even incomplete freehand sketches.”

This isn’t the first time we’ve seen tech like this (remember the horrifying results of Pix2Pix’s autofill tool?), but it is certainly the most advanced to date, and it doesn’t require the same level of detail in source sketches as previous iterations have. It works largely through probability — instead of requiring detailed eyelid or lip shapes, for example, the software refers to a database of faces and facial components, and considers how each facial element works with each other. Eyes, nose, mouth, face shape and hair type are all considered separately, and then assembled into a single image.

As the paper explains, “Recent deep image-to-image translation techniques allow fast generation of face images from freehand sketches. However, existing solutions tend to overfit to sketches, thus requiring professional sketches or even edge maps as input. To address this issue, our key idea is to implicitly model the shape space of plausible face images and synthesize a face image in this space to approximate an input sketch. Our method essentially uses input sketches as soft constraints and is thus able to produce high-quality face images even from rough and/or incomplete sketches.”

It’s not clear how the software will handle race. Of the 17,000 sketches and their corresponding photos created so far, the majority have been Caucasian and South American faces. This could be a result of the source data (bias is an ongoing problem in the world of AI), or down to the complexity of face shapes — the researchers don’t provide any further details.

In any case, the technology is due to go on show at this year’s (virtual) SIGGRAPH conference in July. According to the project’s website, code for the software is “coming soon,” which suggests we could see its application in the wild in the coming months — not only as a fun app to play around with, but also potentially in law enforcement, helping to rapidly generate images of suspects.

Source: ‘DeepFaceDrawing’ AI can turn simple sketches into detailed photo portraits | Engadget

Super secretive Russian disinfo operation discovered dating back to 2014

Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far.

Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election.

Graphika says this new and separate group has been operating since 2014 and has been relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America.

The research team says it first learned of the group from reports published by Reddit and Facebook last year, along with previous research done by the Atlantic Council’s Digital Forensic Research Lab.

Graphika says that based on previous research, they’ve now tracked down more than 2,500 pieces of content the Secondary Infektion group has posted online since early 2014.


According to Graphika’s analysis, most of the group’s content has followed nine primary themes:

  • Ukraine as a failed state or unreliable partner
  • The United States and NATO as aggressive and interfering in other countries
  • Europe as weak and divided
  • Critics of the Russian government as morally corrupt, alcoholic, or otherwise mentally unstable
  • Muslims as aggressive invaders
  • The Russian government as the victim of Western hypocrisy or plots
  • Western elections as rigged and candidates who criticized the Kremlin as unelectable
  • Turkey as an aggressive and destabilizing state
  • World sporting bodies and competitions as unfair, unprofessional, and Russophobic

Graphika says that most of this content has been aimed at attacking classic Russian political rivals like Ukraine, the US, Poland, and Germany, but also other countries where Russian influence came under attack, at one point or another.

Graphika said the group didn’t publish only in English, but also adapted to each target and published content in its local language. In total, researchers found content posted in seven languages.


Unlike the IRA, which was primarily focused on creating division at the level of regular citizens, Secondary Infektion’s primary role appears to have been to influence decisions at the highest level of foreign governments.

This was done by attempting to influence political decisions by creating fake narratives, pitting Western countries against each other, and by embarrassing anti-Russian politicians using fake articles and forged documents.

“The ‘leaks’ typically exposed some dramatic geopolitical scandal, such as a prominent Kremlin critic’s corrupt dealings or secret American plans to overthrow pro-Kremlin governments around the world,” the Graphika team said today.

The group had operations going during the US presidential elections in 2016, the French elections in 2017, and in Sweden in 2018, but election interference was never the group’s primary target.

Graphika said the group “aimed to exacerbate divisions between countries, trying to set Poles against Germans, Germans against Americans, Americans against Britons, and absolutely everyone against Ukrainians.”

Secondary Infektion liked blogs more than social media

Furthermore, another way in which Secondary Infektion differed from the more well-known IRA was that while the IRA was mostly active on social media networks, the Secondary Infektion gang had a broader reach, with a lot of its content being published on blogs and news sites.

Graphika said it found content published on more than 300 platforms, from social media giants such as Facebook, Twitter, YouTube, and Reddit to blogging platforms like WordPress and Medium, but also niche discussion forums in Pakistan and Australia.


Graphika researchers also said Secondary Infektion was more advanced than the IRA. Unlike the sloppy IRA operators who were easily traced back to an exact building in Sankt Petersburg, Russia, the mystery about Secondary Infektion’s real identity remains unsolved.

“[Secondary Infektion’s] identity is the single most pressing question to emerge from this study,” the Graphika team wrote in its report today.

Researchers said the group managed to keep its identity secret because they paid very close attention to operational security (OpSec). Graphika says Secondary Infektion agents employed single-use burner accounts for almost everything they posted online, abandoning each account in less than an hour after promoting their content.

This approach has made it more difficult for the group to build a dedicated audience but has allowed it to orchestrate high-impact operations for years, without giving away their infrastructure, modus operandi, and goals.

With its identity still a secret, the group is expected to continue operating and sowing conflict between Russia’s rivals.

Source: Super secretive Russian disinfo operation discovered dating back to 2014 | ZDNet

From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller

Threat intel researchers have uncovered a phishing and malware campaign that targeted “a large European aerospace company” and which was run by the same North Koreans behind the hack of Sony Pictures.

While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing ‘n’ malware campaign it detected on behalf of its unnamed client.

Branded “Operation Interception” by ESET, the researchers claimed the “highly targeted cyberattacks” were being spread by North Korean baddies Lazarus Group, who were behind the 2014 hack of Sony’s American entertainment business.

The threat group’s latest detected campaign involved targeting aerospace folk via LinkedIn, said the infoseccers. ESET researcher Jean-Ian Boutin explained: “In our case they were impersonating Collins Aerospace and General Dynamics (GD), two organisations in the same vertical as the targeted European organisations.” He said the Norks were targeting people who worked in “sales, marketing, tech, general admin” roles.

Collins and GD are two of the bigger names in North American aerospace; among other things, Collins makes avionic instruments and software while GD has fingers in pies ranging from the F-16 fighter jet through Gulfstream corporate aircraft, US Navy submarines and armoured vehicles. As bait dangled before honest people hoping to take a major step forwards in an aerospace career, these two companies were tempting lures.

“The [job] offer seemed too good to be true,” said Boutin as he explained the Lazarus ruse to The Reg. “Maybe [the recipient’s] career could take off in a big way?”

Once into a target’s network the criminals would try to brute-force any Active Directory admin accounts they could find, as well as exfiltrate data by bundling it into a RAR archive and trying to upload it to a Dropbox account.

After the victim had been suitably reeled in, Lazarus would try to induce them to download a password-protected RAR archive “containing a LNK file.” Once clicked, that LNK file appeared to the victim to download a PDF containing job information. In the background, however, it also downloaded a malicious EXE that created a bunch of folders and set a Windows scheduled task to run a remote script every so often.

ESET illustration showing the Lazarus Group attack progression

The attackers were most insistent that the victim only respond to their job offer on a Windows machine running Internet Explorer. Once in, they resorted to PowerShell – taking advantage of the fact that “the logging of executed PowerShell commands is disabled by default,” although evidence was found that the Lazarus crew went through the connected domain to enumerate all Active Directory accounts before trying to brute-force their way into admin accounts.
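The scheduled task that runs a remote script and the brute-forcing of admin accounts described above both leave traces in Windows Security events. The following is an added example, not code from ESET or The Register: a Python detection routine that looks for both in exported event records. The sample events, host names, account names and addresses are constructed, and the simplified record layout (event IDs 4698 and 4625 with a few of their fields) is an assumption about how the logs were exported.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta

# Namespace used by Task Scheduler XML, which event 4698 carries in TaskContent.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
ADMIN_ACCOUNTS = {"administrator", "svc-admin"}  # constructed account names

TASK_XML = (
    '<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    "<Triggers><TimeTrigger><Repetition><Interval>PT30M</Interval>"
    "</Repetition></TimeTrigger></Triggers>"
    "<Actions><Exec><Command>{cmd}</Command><Arguments>{args}</Arguments>"
    "</Exec></Actions></Task>"
)

# Constructed sample records: 4698 = scheduled task created, 4625 = failed logon.
EVENTS = [
    {"id": 4698, "time": "2020-06-01T09:00:05", "host": "WS-017",
     "TaskName": r"\ExampleUpdater",
     "TaskContent": TASK_XML.format(
         cmd="script-host-placeholder.exe",
         args="https://files.example.invalid/job.txt")},
    {"id": 4698, "time": "2020-06-01T09:30:00", "host": "WS-022",
     "TaskName": r"\NightlyBackup",
     "TaskContent": TASK_XML.format(cmd=r"C:\Tools\backup.exe", args="/quiet")},
    {"id": 4625, "time": "2020-06-01T08:00:00", "host": "DC-01",
     "TargetUserName": "Administrator", "IpAddress": "10.0.5.40"},
    {"id": 4625, "time": "2020-06-01T11:00:00", "host": "DC-01",
     "TargetUserName": "Administrator", "IpAddress": "10.0.5.40"},
    {"id": 4625, "time": "2020-06-01T09:10:30", "host": "DC-01",
     "TargetUserName": "jsmith", "IpAddress": "10.0.5.23"},
]
# Six failures in one minute from one source, alternating between admin accounts.
EVENTS += [
    {"id": 4625, "time": f"2020-06-01T09:10:{sec:02d}", "host": "DC-01",
     "TargetUserName": user, "IpAddress": "10.0.5.23"}
    for sec, user in zip(range(0, 60, 10), ["Administrator", "svc-admin"] * 3)
]


def find_remote_script_tasks(events):
    """Return new scheduled tasks whose Exec action references an http(s) URL."""
    findings = []
    for ev in events:
        if ev["id"] != 4698:
            continue
        root = ET.fromstring(ev["TaskContent"])
        repeats = root.find(".//t:Repetition/t:Interval", NS) is not None
        for action in root.findall(".//t:Actions/t:Exec", NS):
            text = " ".join(
                action.findtext(f"t:{tag}", "", NS)
                for tag in ("Command", "Arguments")
            )
            match = URL_RE.search(text)
            if match:
                findings.append({"host": ev["host"], "task": ev["TaskName"],
                                 "url": match.group(0), "repeats": repeats})
    return findings


def find_admin_bruteforce(events, admins, window=timedelta(minutes=10),
                          threshold=5):
    """Map source address -> peak count of failed admin logons inside `window`,
    for sources that reach `threshold`."""
    by_source = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625 and ev["TargetUserName"].lower() in admins:
            by_source[ev["IpAddress"]].append(datetime.fromisoformat(ev["time"]))
    hits = {}
    for source, times in by_source.items():
        times.sort()
        start = 0
        for end, stamp in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while stamp - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[source] = max(hits.get(source, 0), count)
    return hits


if __name__ == "__main__":
    for finding in find_remote_script_tasks(EVENTS):
        print("remote-script task:", finding)
    for source, count in find_admin_bruteforce(EVENTS, ADMIN_ACCOUNTS).items():
        print(f"admin brute-force suspect: {source} ({count} failures)")
```

Event 4698 is only written when auditing of "Other Object Access Events" is enabled, so a quiet result from the first function can also mean the audit policy is off.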

To avoid Windows security features blocking their malware, Lazarus also signed their code using a certificate first issued to 16:20 Software LLC, an American firm said by ESET to have been incorporated in May 2010.

Among other clues linking the malware’s components back to North Korea, Boutin said his team had seen build timestamps “added by the compiler showing when the executable was compiled” which neatly cross-referenced with normal office hours for East Asia. Corroborating that were some “host fingerprinting” techniques which uncovered various digital fragments “similar to backdoors the Lazarus Group is known to use,” as Boutin put it.

What made the lure so sneaky was the fact it was targeting potential jobseekers looking to leave their current employer, a fact that Boutin speculated may have made some victims less likely to report it to their current employer’s cybersecurity teams.

Lazarus Group was last seen in public after it was caught sniffing around macOS with a trojan targeting users of Apple’s desktop operating system. ®

Source: From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller

Flushing toilets create clouds of virus-containing particles

Researchers used a computer simulation to show how a flushing toilet can create a cloud of virus-containing aerosol droplets that is large and widespread and lasts long enough that the droplets could be breathed in by others.

With recent studies showing the novel coronavirus that causes COVID-19 can survive in the human digestive tract and show up in feces of the infected, this raises the possibility the disease could be transmitted with the use of toilets.

Toilet flushing creates a great deal of turbulence, and qualitative evidence suggests this can spread both bacteria and viruses. The public, however, remains largely unaware of this infection pathway, since few quantitative studies have been carried out to investigate this possible mechanism.

In the journal Physics of Fluids, precise computer models were used to simulate water and air flows in a flushing toilet and the resulting droplet cloud. The investigators used a standard set of fluid dynamic formulas, known as the Navier-Stokes equations, to simulate flushing in two types of toilet—one with a single inlet for flushing water, and another with two inlets to create a rotating flow.

The investigators also used a discrete phase model to simulate movement of the numerous tiny droplets likely to be ejected from the toilet bowl into the air. A similar model was used recently to simulate the movement of aerosol droplets ejected during a human cough.

The results of the simulations were striking.

As water pours into the toilet bowl from one side, it strikes the opposite side, creating vortices. These vortices continue upward into the air above the bowl, carrying droplets to a height of nearly 3 feet, where they might be inhaled or settle onto surfaces. These droplets are so small they float in the air for over a minute. A toilet with two inlet ports for water generates an even greater velocity of upward flowing aerosol particles.

“One can foresee that the velocity will be even higher when a toilet is used frequently, such as in the case of a family toilet during a busy time or a public toilet serving a densely populated area,” said co-author Ji-Xiang Wang, of Yangzhou University.

The simulations show that nearly 60% of the ejected particles rise high above the seat for a toilet with two inlet ports. A solution to this deadly problem is to simply close the lid before flushing, since this should decrease aerosol spread.

However, in many countries, including the United States, toilets in are often without lids. This poses a serious hazard. The investigators also suggest a better toilet design would include a lid that closes automatically before flushing.

Source: Flushing toilets create clouds of virus-containing particles

More information: “Can a toilet promote virus transmission? From a fluid dynamics perspective,” Physics of Fluids, aip.scitation.org/doi/10.1063/5.0013318

Journal information: Physics of Fluids

Researchers Have Created a Tool That Can Perfectly Depixelate Faces

The typical approach to increasing the resolution of an image is to start with the low-res version and use intelligent algorithms to predict and add additional details and pixels in order to artificially generate a high-res version. But because a low-res version of an image can lack significant details, fine features are often lost in the process, resulting in, particularly with faces, an overly soft and smoothed out appearance in the results lacking fine details. The approach a team of researchers from Duke University has developed, called Pulse (Photo Upsampling via Latent Space Exploration), tackles the problem in an entirely different way by taking advantage of the startling progress made with machine learning in recent years.

The Pulse research team from Duke University demonstrating the results (the lower row of headshots) of Pulse processing a low-res image (the middle row of headshots) compared to the original (the top row of headshots) high-res photos.
Photo: Duke University

Pulse starts with a low-res image, but it doesn’t work with or process it directly. It instead uses it as a target reference for an AI-based face generator that relies on generative adversarial networks to randomly create realistic headshots. We’ve seen these tools used before in videos where thousands of non-existent but lifelike headshots are generated, but in this case, after the faces are created, they’re downsized to the resolution of the original low-res reference and compared against it, looking for a match. It seems like an entirely random process that would take decades to find a high-res face that matches the original sample when it’s shrunk, but the process is able to quickly find a close comparison and then gradually tweak and adjust it until it produces a down-sampled result that matches the original low-res sample.

Source: Researchers Have Created a Tool That Can Perfectly Depixelate Faces

T-Mobile US outage finally ends after more than twelve hours (updated)

T-Mobile’s network is having an issue with voice and data service. There was a huge spike in outage reports on Down Detector starting at around 1 PM ET today, with many people across the US suggesting on that site and Twitter that they’re having problems. By around 3:30 PM ET, Down Detector had collected more than 82,000 outage reports.

Some people are unable to make or receive calls, but Wi-Fi calling still seems to work (in case you’re wondering why you can still call someone else from a T-Mobile phone right now). There are problems with data service too. T-Mobile’s president of technology Neville Ray confirmed the issue and said the company’s engineers are working to resolve them:

Source: T-Mobile outage finally ends after more than twelve hours (updated) | Engadget

Apple Pay and the App Store are under EU antitrust investigation

The European Commission has launched two separate antitrust investigations into Apple, focused on the App Store and Apple Pay.

The executive branch of the European Union said it would consider App Store rules that force developers to use its own payment and in-app purchase system. In a press release, the Commission referenced a complaint filed by Spotify more than a year ago. At the time, CEO and founder Daniel Ek argued that the 30 percent cut that Apple takes on all transactions — including in-app purchases, which includes Free to Premium Spotify conversions — meant that it would have to raise its prices beyond those offered by Apple Music.

“To keep our price competitive for our customers, that isn’t something we can do,” he explained in a blog post. Of course, it’s possible for Spotify users to upgrade their account on a different platform, including the web. But if you try to sidestep Apple’s payment system, the company will limit your marketing and communications with customers, Ek argued. “In some cases, we aren’t even allowed to send emails to our customers who use Apple,” he wrote. “Apple also routinely blocks our experience-enhancing upgrades. Over time, this has included locking Spotify and other competitors out of Apple services such as Siri, HomePod, and Apple Watch.”

The Commission said it had completed a “preliminary investigation” and found “concerns” that discouraged competition against Apple’s own services. “Apple’s competitors have either decided to disable the in-app subscription possibility altogether or have raised their subscription prices in the app and passed on Apple’s fee to consumers,” the executive branch explained in its press release. “In both cases, they were not allowed to inform users about alternative subscription possibilities outside of the app.”

[…]

The second antitrust investigation will look at Apple Pay, which is effectively the only mobile payments solution available to iPhone and iPad users.

Following a preliminary investigation, the Commission has “concerns” that the situation is stifling competition and reducing consumer choice on the platform. Vestager noted that mobile payments will likely increase even further as European citizens look to minimize physical contact with physical money and store clerks.

“It is important that Apple’s measures do not deny consumers the benefits of new payment technologies, including better choice, quality, innovation and competitive prices,” she argued. “I have therefore decided to take a close look at Apple’s practices regarding Apple Pay and their impact on competition.”

Source: Apple Pay and the App Store are under EU antitrust investigation | Engadget

845GB of racy dating app records exposed to entire internet via leaky AWS buckets

Hundreds of thousands of sensitive dating app profiles – including images of “a graphic, sexual nature” – were exposed online for anyone stumbling across them to download.

Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records.

Data exposed included photos, many of a graphic, sexual nature; private chats and details of financial transactions; audio recordings; and limited personally identifiable information, the biz stated, adding that it thinks it found sufficient data to blackmail people.

“Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps’ entire AWS infrastructure through unsecured admin credentials and passwords,” vpnMentor’s researchers wrote.

The haul is estimated to contain hundreds of thousands of users’ data, all exposed to the public internet without any authentication. We note vpnMentor thinks this figure could be in the millions.

The storage silo was used by nine rather niche dating apps, including SugarD, which connects sugar daddies with sugar babies, whom they financially support with gifts and cash. Gay Daddy Bear, which targets plus-sized, hairy gay men, was also exposed, we’re told. Data from the-self-explanatory-but-puzzling-in-other-ways Herpes Dating was also revealed.

Just who built the apps and made the fateful decision to misconfigure the buckets is not known, though vpnMentor suspects the nine services share a common developer. Whoever is to blame, they ignored the regular warnings Amazon Web Services sends to S3 customers regarding controlling and limiting access to cloud-hosted data.

Users of the apps can take some small comfort from the fact the buckets were taken offline on 27 May, a day after the researchers informed one of the websites about the risk of unauthorized access.

Source: 845GB of racy dating app records exposed to entire internet via leaky AWS buckets • The Register

Polish President Says LGBT ‘Ideology’ Worse Than Communism

Polish President Andrzej Duda accused the LGBT rights movement Saturday of promoting a viewpoint more harmful than communism and said he agreed with another conservative politician who stated that “LGBT is not people, it’s an ideology.”

Duda made his comments in the small southwestern town of Brzeg as he campaigns for reelection in Poland, a predominantly Catholic nation that spent more than four decades under communist governments.

Gay rights is emerging as a key campaign theme in the presidential election as the race grows close between Duda, backed by the nationalist conservative ruling party, and Warsaw Mayor Rafal Trzaskowski, who has called for tolerance for gays and lesbians.

Duda, who is 48, told his supporters that his parents’ generation did not struggle to cast off communism only to now accept “an ideology” that he thinks “is even more destructive to the human being.”

The president said that during Poland’s communist era, regimes ensured survival by indoctrinating the youngest generation.

“That was Bolshevism. It was the ideologizing of children,” he said. “Today, there are also attempts to push an ideology on us and our children, but different. It’s totally new, but it is also neo-Bolshevism.”

Earlier in the week, Duda signed a declaration drafted for the stated purpose of helping families that included language on “protecting children from LGBT ideology” with a ban on “propagating LGBT ideology in public institutions.”

Many conservative politicians in Poland say they are not against gay men and lesbians as individuals, but insist they oppose the goals of a civil rights movement they claim is imported from abroad and threatens to sexualize young people.

But gay and lesbian Poles and liberal Poles say government officials are adopting a language of dehumanization. They believe Duda and others are targeting homosexuals to curry favor with the powerful Catholic church — which faces allegations of covering up clerical abuse — and shore up support among conservative voters ahead of the election.

Some analysts also suspect that Duda and the governing Law and Justice party are making a bid for far-right voters who will mostly support the candidate of a smaller party, Confederation, in the election’s first round but whose votes will be up for grabs in a runoff.

Source: Polish President Says LGBT ‘Ideology’ Worse Than Communism | Time

Trillions of Words Analyzed, OpenAI Sets Loose AI Language Colossus – The API

Over the past few months, OpenAI has vacuumed an incredible amount of data into its artificial intelligence language systems. It sucked up Wikipedia, a huge swath of the rest of the internet and tons of books. This mass of text – trillions of words – was then analyzed and manipulated by a supercomputer to create what the research group bills as a major AI breakthrough and the heart of its first commercial product, which came out on Thursday.

The product name — OpenAI calls it “the API” — might not be magical, but the things it can accomplish do seem to border on wizardry at times. The software can perform a broad set of language tasks, including translating between languages, writing news stories and poems and answering everyday questions. Ask it, for example, if you should keep reading a story, and you might be told, “Definitely. The twists and turns keep coming.”

OpenAI wants to build the most flexible, general purpose AI language system of all time. Typically, companies and researchers will tune their AI systems to handle one, limited task. The API, by contrast, can crank away at a broad set of jobs and, in many cases, at levels comparable with specialized systems. While the product is in a limited test phase right now, it will be released broadly as something that other companies can use at the heart of their own offerings such as customer support chat systems, education products or games, OpenAI Chief Executive Officer Sam Altman said.

[…]

Software developers can begin training the AI system just by showing it a few examples of what they want the code to do. If you ask it a number of questions in a row, for example, the system starts to sense it’s in question-and-answer mode and tweaks its responses accordingly. There are also tools that let you alter how literal or creative you want the AI to be.

But even a layperson – i.e. this reporter – can use the product. You can simply type text into a box, hit a button and get responses. Drop a couple paragraphs of a news story into the API, and it will try to complete the piece with results that vary from I-kinda-fear-for-my-job good to this-computer-might-be-on-drugs bad.

Source: Trillions of Words Analyzed, OpenAI Sets Loose AI Language Colossus – Bloomberg

Amazon Set to Face Antitrust Charges in European Union

European Union officials are preparing to bring antitrust charges against Amazon for abusing its dominance in internet commerce to box out smaller rivals, according to people with knowledge of the case.

Nearly two years in the making, the case is one of the most aggressive attempts by a government to crimp the power of the e-commerce giant, which has largely sidestepped regulation throughout its 26-year history.

The European Union regulators, who already have a reputation as the world’s most aggressive watchdogs of the technology industry, have determined that Amazon is stifling competition by unfairly using data collected from third-party merchants to boost its own product offerings, said the people, who spoke on the condition of anonymity because the deliberations were private.

The case against Amazon is part of a broader attempt in the United States and Europe to probe the business practices of the world’s largest technology companies, as authorities on both sides of the Atlantic see what they believe is a worrying concentration of power in the digital economy.

Margrethe Vestager, the European Commissioner who leads antitrust enforcement and digital policy, is also examining practices by Apple and Facebook. In Washington, the Justice Department, Federal Trade Commission and Congress are targeting Amazon, Apple, Facebook and Google.

William Kovacic, a law professor at George Washington University, said the tech industry was facing a “striking critical mass” of attention from governments around the world, including Australia, Brazil and India. He said that regulators in Brussels and Washington may deploy so-called interim measures against the companies, a rarely used tool that could force Amazon and other large tech platforms to halt certain practices while a case is litigated.

[…]

The case stems from Amazon’s treatment of third-party merchants who rely on its website to reach customers. Investigators have focused on Amazon’s dual role as both the owner of its online store and a seller of goods that compete with other sellers, creating a conflict of interest.

Authorities in Europe have concluded that Amazon abuses its position to give its own products preferential treatment. European officials have spent the past year interviewing merchants and others who depend on Amazon to better understand how it collects data to use to its advantage, including agreements that require them to share certain data with Amazon as a condition of selling goods on the platform.

Many merchants have complained that if they have a product that is selling well on Amazon, the company will then introduce its own product at a lower price, or give it more prominent placement on the website.

Source: Amazon Set to Face Antitrust Charges in European Union – The New York Times

So yeah, I had a talk about that in 2019

Internet Archive Ends Free Ebook Program Early due to money-grubbing copyright enforcers suing them for being a library

Back in March, the Internet Archive launched its National Emergency Library, a program that made roughly 1.4 million books available to the public without the usual waitlists. But on Wednesday, the organization announced it was ending the program two weeks early after four major publishers decided to sue Internet Archive for copyright infringement.

Internet Archive explained in a blog post that after June 16, it would revert to a controlled digital lending model, in which libraries lend patrons digitized copies of a physical book one at a time. “We moved up our schedule because, last Monday, four commercial publishers chose to sue Internet Archive during a global pandemic,” the non-profit said. “However, this lawsuit is not just about the temporary National Emergency Library. The complaint attacks the concept of any library owning and lending digital books, challenging the very idea of what a library is in the digital world.”

By eliminating waitlists, the National Emergency Library program effectively upended how publishers have thus far controlled how libraries distribute ebooks. Under the usual system, publishers sell two-year licenses that cost several times more than what you’d pay if you just bought the book outright. Internet Archive’s program basically made it so any number of people could temporarily download a single ebook an infinite number of times between March 24 and June 30, the original end date for the program.

In their complaint, Hachette, HarperCollins, Penguin Random House, and John Wiley & Sons allege that in addition to violating copyrights, Internet Archive’s free ebook program “grossly exceed legitimate library services” and “constitute willful digital piracy on an industrial scale.”

Before blasting Internet Archive for capitulating, consider that this lawsuit has the ability to tank the organization—probably best known for its Wayback Machine web archiving tool—for good. Publishers could claim up to $150,000 in damages per title. When you multiply that by the 1.4 million works Internet Archive put up for free, the final number could be astronomical, and well beyond the nonprofit’s ability to pay. A win for publishers would put Internet Archive’s other projects at risk.

It appears that publishers aren’t just after Internet Archive’s temporary free ebook initiative. The complaint also contends that controlled digital lending is an “invented theory” and that its rules “have been concocted from whole cloth and continue to get worse.” It also contends that Internet Archive’s “one-to-one conflation of print and ebooks is fundamentally flawed.” Controlled digital lending, however, isn’t unique to Internet Archive. It’s a framework that’s been supported by several libraries over the years, including many university libraries like UC Berkeley Library. Publishers winning this lawsuit may potentially also put the kibosh on the entire controlled digital lending model.

It’s clear that Internet Archive’s decision was intended to appease publishers into dropping the suit. According to Internet Archive, some academic publishers who were initially displeased with the National Emergency Library eventually came around. That said, it’s unclear whether commercial publishers would do the same, as they have everything to gain by strengthening their hold over ebook copyrights.

Source: Internet Archive Ends Free Ebook Program Early