Courts Close the Loophole Letting the Feds Search Your Phone At the Border

On Wednesday, Judge Nina Morrison ruled that cellphone searches at the border are “nonroutine” and require probable cause and a warrant, likening them to more invasive searches due to their heavy privacy impact. As reported by Reason, this decision closes the loophole in the Fourth Amendment’s protection against unreasonable searches and seizures, which Customs and Border Protection (CBP) agents have exploited. Courts have previously ruled that the government has the right to conduct routine warrantless searches for contraband at the border. From the report: Although the interests of stopping contraband are “undoubtedly served when the government searches the luggage or pockets of a person crossing the border carrying objects that can only be introduced to this country by being physically moved across its borders, the extent to which those interests are served when the government searches data stored on a person’s cell phone is far less clear,” the judge declared. Morrison noted that “reviewing the information in a person’s cell phone is the best approximation government officials have for mindreading,” so searching through cellphone data has an even heavier privacy impact than rummaging through physical possessions. Therefore, the court ruled, a cellphone search at the border requires both probable cause and a warrant. Morrison did not distinguish between scanning a phone’s contents with special software and manually flipping through it.

And in a victory for journalists, the judge specifically acknowledged the First Amendment implications of cellphone searches too. She cited reporting by The Intercept and VICE about CPB searching journalists’ cellphones “based on these journalists’ ongoing coverage of politically sensitive issues” and warned that those phone searches could put confidential sources at risk. Wednesday’s ruling adds to a stream of cases restricting the feds’ ability to search travelers’ electronics. The 4th and 9th Circuits, which cover the mid-Atlantic and Western states, have ruled that border police need at least “reasonable suspicion” of a crime to search cellphones. Last year, a judge in the Southern District of New York also ruled (PDF) that the government “may not copy and search an American citizen’s cell phone at the border without a warrant absent exigent circumstances.”

Read more of this story at Slashdot.

Crooks Bypassed Google’s Email Verification To Create Workspace Accounts, Access 3rd-Party Services

Brian Krebs writes via KrebsOnSecurity: Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. […] Google Workspace offers a free trial that people can use to access services like Google Docs, but other services such as Gmail are only available to Workspace users who can validate control over the domain name associated with their email address. The weakness Google fixed allowed attackers to bypass this validation process. Google emphasized that none of the affected domains had previously been associated with Workspace accounts or services.

“The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification during the signup process,” [said Anu Yamunan, director of abuse and safety protections at Google Workspace]. “The vector here is they would use one email address to try to sign in, and a completely different email address to verify a token. Once they were email verified, in some cases we have seen them access third party services using Google single sign-on.” Yamunan said none of the potentially malicious workspace accounts were used to abuse Google services, but rather the attackers sought to impersonate the domain holder to other services online.

Read more of this story at Slashdot.

ServiceNow Embroiled In DOJ Probe of Government Contract Award

snydeq shares a report from CIO.com: ServiceNow has reported potential compliance issues to the US Department of Justice “related to one of its government contracts” as well as the hiring of the then-CIO of the US Army to be its head of global public sector, the company said in regulatory filings on Wednesday. The DOJ is looking into the matter. Following an internal investigation, ServiceNow said, its President and COO, CJ Desai, has resigned, while “the other individual has also departed the company.” That executive, Raj Iyer, told CIO.com, “I resigned because I didn’t want to be associated with this fiasco in any way. It’s not my fault.”

CEO Bill McDermott told financial analysts in a conference call Wednesday that someone within ServiceNow had complained about the situation and that an internal probe “determined that our company policy was violated.”

“Acting with total transparency, the company proactively disclosed the findings of the investigation to the proper government entities. And as a result, today, we’re announcing the departure of the individual whose hiring was the subject of the original complaint,” McDermott said. “We also came to a mutual agreement that CJ Desai, our President and COO, would offer his resignation from the company effective immediately. While we believe this was an isolated incident, we are further sharpening our hiring policies and procedures as a result of the situation.”

Read more of this story at Slashdot.

California Supreme Court Upholds Gig Worker Law In a Win For Ride-Hail Companies

In a major victory for ride-hail companies, California Supreme Court upheld a law classifying gig workers as independent contractors, maintaining their ineligibility for benefits such as sick leave and workers’ compensation. This decision concludes a prolonged legal battle and supports the 2020 ballot measure Proposition 22, despite opposition from labor groups who argued it was unconstitutional. Politico reports: Thursday’s ruling capped a yearslong battle between labor and the companies over the status of workers who are dispatched by apps to deliver food, buy groceries and transport customers. A 2018 Supreme Court ruling and a follow-up bill would have compelled the gig companies to treat those workers as employees. A collection of five firms then spent more than $200 million to escape that mandate by passing the 2020 ballot measure Proposition 22 in one of the most expensive political campaigns in American history. The unanimous ruling on Thursday now upholds the status quo of the gig economy in California.

As independent contractors, gig workers are not entitled to benefits like sick leave, overtime and workers’ compensation. The SEIU union and four gig workers, ultimately, challenged Prop 22 based on its conflict with the Legislature’s power to administer workers’ compensation, specifically. The law, which passed with 58 percent of the vote in 2020, makes gig workers ineligible for workers’ comp, which opponents of Prop 22 argued rendered the entire law unconstitutional. […] Beyond the implications for gig workers, the heavily-funded Prop 22 ballot campaign pushed the limits of what could be spent on an initiative, ultimately becoming the most expensive measure in California history. Uber and Lyft have both threatened to leave any states that pass laws not classifying their drivers as independent contractors. The decision Thursday closes the door to that possibility for California.

Read more of this story at Slashdot.

AI Models Face Collapse If They Overdose On Their Own Output

According to a new study published in Nature, researchers found that training AI models using AI-generated datasets can lead to “model collapse,” where models produce increasingly nonsensical outputs over generations. “In one example, a model started with a text about European architecture in the Middle Ages and ended up — in the ninth generation — spouting nonsense about jackrabbits,” writes The Register’s Lindsay Clark. From the report: [W]ork led by Ilia Shumailov, Google DeepMind and Oxford post-doctoral researcher, found that an AI may fail to pick up less common lines of text, for example, in training datasets, which means subsequent models trained on the output cannot carry forward those nuances. Training new models on the output of earlier models in this way ends up in a recursive loop. In an accompanying article, Emily Wenger, assistant professor of electrical and computer engineering at Duke University, illustrated model collapse with the example of a system tasked with generating images of dogs. “The AI model will gravitate towards recreating the breeds of dog most common in its training data, so might over-represent the Golden Retriever compared with the Petit Basset Griffon Vendéen, given the relative prevalence of the two breeds,” she said.

“If subsequent models are trained on an AI-generated data set that over-represents Golden Retrievers, the problem is compounded. With enough cycles of over-represented Golden Retriever, the model will forget that obscure dog breeds such as Petit Basset Griffon Vendeen exist and generate pictures of just Golden Retrievers. Eventually, the model will collapse, rendering it unable to generate meaningful content.” While she concedes an over-representation of Golden Retrievers may be no bad thing, the process of collapse is a serious problem for meaningful representative output that includes less-common ideas and ways of writing. “This is the problem at the heart of model collapse,” she said.

Read more of this story at Slashdot.