MIT Researchers Build Tiny Tamper-Proof ID Tag Utilizing Terahertz Waves

A few years ago, MIT researchers invented a cryptographic ID tag — but like traditional RFID tags, “a counterfeiter could peel the tag off a genuine item and reattach it to a fake,” writes MIT News.

“The researchers have now surmounted this security vulnerability by leveraging terahertz waves to develop an antitampering ID tag that still offers the benefits of being tiny, cheap, and secure.”

They mix microscopic metal particles into the glue that sticks the tag to an object, and then use terahertz waves to detect the unique pattern those particles form on the item’s surface. Akin to a fingerprint, this random glue pattern is used to authenticate the item, explains Eunseok Lee, an electrical engineering and computer science (EECS) graduate student and lead author of a paper on the antitampering tag. “These metal particles are essentially like mirrors for terahertz waves. If I spread a bunch of mirror pieces onto a surface and then shine light on that, depending on the orientation, size, and location of those mirrors, I would get a different reflected pattern. But if you peel the chip off and reattach it, you destroy that pattern,” adds Ruonan Han, an associate professor in EECS, who leads the Terahertz Integrated Electronics Group in the Research Laboratory of Electronics.

The researchers produced a light-powered antitampering tag that is about 4 square millimeters in size. They also demonstrated a machine-learning model that helps detect tampering by identifying similar glue pattern fingerprints with more than 99 percent accuracy. Because the terahertz tag is so cheap to produce, it could be implemented throughout a massive supply chain. And its tiny size enables the tag to attach to items too small for traditional RFIDs, such as certain medical devices…

“These responses are impossible to duplicate, as long as the glue interface is destroyed by a counterfeiter,” Han says. A vendor would take an initial reading of the antitampering tag once it was stuck onto an item, and then store those data in the cloud, using them later for verification.
Seems like the only way to thwart that would be carving out the part of the surface where the tag was affixed — and then pasting the tag, glue, and what it adheres to all together onto some other surface. But more importantly, Han says they’d wanted to demonstrate “that the application of the terahertz spectrum can go well beyond broadband wireless.”

“In this case, you can use terahertz for ID, security, and authentication. There are a lot of possibilities out there.”

Read more of this story at Slashdot.

EU to Fine Apple $500M+ for Stifling Music Competitors Like Spotify

“Apple will reportedly have to pay around €500 million (about $539 million USD) in the EU,” reports the Verge, “for stifling competition against Apple Music on the iPhone.”
Financial Times reported this morning that the fine comes after regulators in Brussels, Belgium investigated a Spotify complaint that Apple prevented apps from telling users about cheaper alternatives to Apple’s music service…. The EU whittled its objections down to oppose Apple’s refusal to let developers even link out to their own subscription sign-ups within their apps — a policy that Apple changed in 2022 following regulatory pressure in Japan.

$500 million may sound like a lot, but a much bigger fine of close to $40 billion (or 10 percent of Apple’s annual global turnover) was on the table when the EU updated its objections last year. Apple was charged over a billion dollars in 2020, but French authorities dropped that to about $366 million after the company appealed.
The Verge cites an Apple spokesperson who said a year ago that the EU case “has no merit.”

Reuters notes that the EU’s fine “is expected to be announced early next month, the Financial Times said.”

More from Politico:

The fine would be the EU’s first ever against Apple and is expected to be announced early next month, according to the FT report. It is the result of a European Commission antitrust probe into whether Apple’s “anti-steering” requirements breach the bloc’s abuse of dominance rules, harming music consumers “who may end up paying more” for apps… The Commission will rule that Apple’s actions are illegal and against EU competition rules, according to the report.
“The EU executive will ban Apple’s practice of barring music services from letting users know of cheaper alternatives outside the App Store, according to the newspaper.”


Thanks to Machine Learning, Scientists Finally Recover Text From The Charred Scrolls of Vesuvius

The great libraries of the ancient classical world are “legendary… said to have contained stacks of texts,” writes ScienceAlert. But from Rome to Constantinople, Athens to Alexandria, only one collection survived to the present day.

And here in 2024, “we can now start reading its contents.”

A worldwide competition to decipher the charred texts of the Villa of Papyri — an ancient Roman mansion destroyed by the eruption of Mount Vesuvius — has revealed a timeless infatuation with the pleasures of music, the color purple, and, of course, the zingy taste of capers. The so-called Vesuvius challenge was launched a few years ago by computer scientist Brent Seales at the University of Kentucky with support from Silicon Valley investors. The ongoing ‘master plan’ is to build on Seales’ previous work and read all 1,800 or so charred papyri from the ancient Roman library, starting with scrolls labeled 1 to 4.

In 2023, the annual gold prize was awarded to a team of three students, who recovered four passages containing 140 characters — the longest extractions yet. The winners are Youssef Nader, Luke Farritor, and Julian Schilliger. “After 275 years, the ancient puzzle of the Herculaneum Papyri has been solved,” reads the Vesuvius Challenge Scroll Prize website. “But the quest to uncover the secrets of the scrolls is just beginning….” Only now, with the advent of X-ray tomography and machine learning, can their inky words be pulled from the darkness of carbon.
A few months ago students deciphered a single word — “purple,” according to the article. But “That winning code was then made available for all competitors to build upon.”
Within three months, passages in Latin and Greek were blooming from the blackness, almost as if by magic. The team with the most readable submission at the end of 2023 included both previous finders of the word ‘purple’. Their unfurling of scroll 1 is truly impressive and includes more than 11 columns of text. Experts are now rushing to translate what has been found. So far, about 5 percent of the scroll has been unrolled and read to date. It is not a duplicate of past work, scholars of the Vesuvius Challenge say, but a “never-before-seen text from antiquity.”
One line reads: “In the case of food, we do not right away believe things that are scarce to be absolutely more pleasant than those which are abundant.”

Thanks to davidone (Slashdot reader #12,252) for sharing the article.


Microsoft President: ‘You Can’t Believe Every Video You See or Audio You Hear’

“We’re currently witnessing a rapid expansion in the abuse of these new AI tools by bad actors,” writes Microsoft VP Brad Smith, “including through deepfakes based on AI-generated video, audio, and images.

“This trend poses new threats for elections, financial fraud, harassment through nonconsensual pornography, and the next generation of cyber bullying.” Microsoft found its own tools being used in a recently-publicized episode, and the VP writes that “We need to act with urgency to combat all these problems.”

Microsoft’s blog post says they’re “committed as a company to a robust and comprehensive approach,” citing six different areas of focus:

A strong safety architecture. This includes “ongoing red team analysis, preemptive classifiers, the blocking of abusive prompts, automated testing, and rapid bans of users who abuse the system… based on strong and broad-based data analysis.”
Durable media provenance and watermarking. (“Last year at our Build 2023 conference, we announced media provenance capabilities that use cryptographic methods to mark and sign AI-generated content with metadata about its source and history.”)
Safeguarding our services from abusive content and conduct. (“We are committed to identifying and removing deceptive and abusive content” hosted on services including LinkedIn and Microsoft’s Gaming network.)
Robust collaboration across industry and with governments and civil society. This includes “others in the tech sector” and “proactive efforts” with both civil society groups and “appropriate collaboration with governments.”
Modernized legislation to protect people from the abuse of technology. “We look forward to contributing ideas and supporting new initiatives by governments around the world.”
Public awareness and education. “We need to help people learn how to spot the differences between legitimate and fake content, including with watermarking. This will require new public education tools and programs, including in close collaboration with civil society and leaders across society.”

Thanks to long-time Slashdot reader theodp for sharing the article.


Will ‘Precision Agriculture’ Be Harmful to Farmers?

Modern U.S. farming is being transformed by precision agriculture, writes Paul Roberts, the founder of securepairs.org and Editor in Chief at Security Ledger.

There are autonomous tractors and “smart spraying” systems that use AI-powered cameras to identify weeds, just for starters. “Among the critical components of precision agriculture: Internet- and GPS connected agricultural equipment, highly accurate remote sensors, ‘big data’ analytics and cloud computing…”

As with any technological revolution, however, there are both “winners” and “losers” in the emerging age of precision agriculture… Precision agriculture, once broadly adopted, promises to further reduce the need for human labor to run farms. (Autonomous equipment means you no longer even need drivers!) However, the risks it poses go well beyond a reduction in the agricultural work force. First, as the USDA notes on its website: the scale and high capital costs of precision agriculture technology tend to favor large, corporate producers over smaller farms. Then there are the systemic risks to U.S. agriculture of an increasingly connected and consolidated agriculture sector, with a few major OEMs having the ability to remotely control and manage vital equipment on millions of U.S. farms… (Listen to my podcast interview with the hacker Sick Codes, who reverse engineered a John Deere display to run the Doom video game for insights into the company’s internal struggles with cybersecurity.)

Finally, there are the reams of valuable and proprietary environmental and operational data that farmers collect, store and leverage to squeeze the maximum productivity out of their land. For centuries, such information resided in farmers’ heads, or on written or (more recently) digital records that they owned and controlled exclusively, typically passing that knowledge and data down to succeeding generations of farm owners. Precision agriculture technology greatly expands the scope, and granularity, of that data. But in doing so, it also wrests it from the farmer’s control and shares it with equipment manufacturers and service providers — often without the explicit understanding of the farmers themselves, and almost always without monetary compensation to the farmer for the data itself. In fact, the Federal Government is so concerned about farm data they included a section (1619) on “information gathering” into the latest farm bill.
Over time, this massive transfer of knowledge from individual farmers or collectives to multinational corporations risks beggaring farmers by robbing them of one of their most vital assets: data, and turning them into little more than passive caretakers of automated equipment managed, controlled and accountable to distant corporate masters.

Weighing in is Kevin Kenney, a vocal advocate for the “right to repair” agricultural equipment (and also an alternative fuel systems engineer at Grassroots Energy LLC). In the interview, he warns about the dangers of tying repairs to factory-installed firmware, and argues that it's the long-time farmer’s “trade secrets” that are really being harvested today. The ultimate beneficiary could end up being the current “cabal” of tractor manufacturers.

“While we can all agree that it’s coming…the question is who will own these robots?”

First, we need to acknowledge that there are existing laws on the books which, for whatever reason, are not being enforced. The FTC should immediately start an investigation into John Deere and the rest of the ‘Tractor Cabal’ to see to what extent farmers’ farm data security and privacy are being compromised. This directly affects national food security because if thousands or tens of thousands of tractors are hacked and disabled or their data is lost, crops left to rot in the fields would lead to bare shelves at the grocery store… I think our universities have also been delinquent in grasping and warning farmers about the data-theft being perpetrated on farmers’ operations throughout the United States and other countries by makers of precision agricultural equipment.

Thanks to long-time Slashdot reader chicksdaddy for sharing the article.


Scientists Propose AI Apocalypse Kill Switches

A paper (PDF) from researchers at the University of Cambridge, supported by voices from numerous academic institutions including OpenAI, proposes remote kill switches and lockouts as methods to mitigate risks associated with advanced AI technologies. It also recommends tracking AI chip sales globally. The Register reports: The paper highlights numerous ways policymakers might approach AI hardware regulation. Many of the suggestions — including those designed to improve visibility and limit the sale of AI accelerators — are already playing out at a national level. Last year US president Joe Biden put forward an executive order aimed at identifying companies developing large dual-use AI models as well as the infrastructure vendors capable of training them. If you’re not familiar, “dual-use” refers to technologies that can serve double duty in civilian and military applications. More recently, the US Commerce Department proposed regulation that would require American cloud providers to implement more stringent “know-your-customer” policies to prevent persons or countries of concern from getting around export restrictions. This kind of visibility is valuable, researchers note, as it could help to avoid another arms race, like the one triggered by the missile gap controversy, where erroneous reports led to massive build up of ballistic missiles. While valuable, they warn that executing on these reporting requirements risks invading customer privacy and even leading to sensitive data being leaked.

Meanwhile, on the trade front, the Commerce Department has continued to step up restrictions, limiting the performance of accelerators sold to China. But, as we’ve previously reported, while these efforts have made it harder for countries like China to get their hands on American chips, they are far from perfect. To address these limitations, the researchers have proposed implementing a global registry for AI chip sales that would track them over the course of their lifecycle, even after they’ve left their country of origin. Such a registry, they suggest, could incorporate a unique identifier into each chip, which could help to combat smuggling of components.

At the more extreme end of the spectrum, researchers have suggested that kill switches could be baked into the silicon to prevent their use in malicious applications. […] The academics are clearer elsewhere in their study, proposing that processor functionality could be switched off or dialed down by regulators remotely using digital licensing: “Specialized co-processors that sit on the chip could hold a cryptographically signed digital “certificate,” and updates to the use-case policy could be delivered remotely via firmware updates. The authorization for the on-chip license could be periodically renewed by the regulator, while the chip producer could administer it. An expired or illegitimate license would cause the chip to not work, or reduce its performance.” In theory, this could allow watchdogs to respond faster to abuses of sensitive technologies by cutting off access to chips remotely, but the authors warn that doing so isn’t without risk. The implication being, if implemented incorrectly, that such a kill switch could become a target for cybercriminals to exploit.

Another proposal would require multiple parties to sign off on potentially risky AI training tasks before they can be deployed at scale. “Nuclear weapons use similar mechanisms called permissive action links,” they wrote. For nuclear weapons, these security locks are designed to prevent one person from going rogue and launching a first strike. For AI however, the idea is that if an individual or company wanted to train a model over a certain threshold in the cloud, they’d first need to get authorization to do so. Though a potent tool, the researchers observe that this could backfire by preventing the development of desirable AI. The argument seems to be that while the use of nuclear weapons has a pretty clear-cut outcome, AI isn’t always so black and white. But if this feels a little too dystopian for your tastes, the paper dedicates an entire section to reallocating AI resources for the betterment of society as a whole. The idea being that policymakers could come together to make AI compute more accessible to groups unlikely to use it for evil, a concept described as “allocation.”
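The on-chip licensing idea quoted above (a signed license, renewed periodically, where an expired or illegitimate license stops or slows the chip) is sketched below as an added example; it is not code from the paper or from The Register. The license fields, the grace window that maps "expired" to reduced performance, and the use of HMAC-SHA256 in place of an asymmetric signature are assumptions chosen so the sketch runs with the Python standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real design would verify an asymmetric
# signature against a public key held by the co-processor; HMAC stands in here.
REGULATOR_KEY = b"constructed-demo-key-not-a-real-secret"

FULL, THROTTLED, DISABLED = "full", "throttled", "disabled"
_FIELDS = ("chip_id", "not_after", "policy")  # hypothetical license layout


def _canonical(fields: dict) -> bytes:
    # Deterministic encoding so issuer and verifier authenticate identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(fields: dict, key: bytes) -> str:
    return hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()


def issue_license(chip_id: str, not_after: int, policy: str,
                  key: bytes = REGULATOR_KEY) -> dict:
    """Regulator side: bind a use-case policy and an expiry time to one chip."""
    fields = {"chip_id": chip_id, "not_after": not_after, "policy": policy}
    return {**fields, "sig": _tag(fields, key)}


def evaluate_license(lic, chip_id: str, now: int, grace: int = 0,
                     key: bytes = REGULATOR_KEY) -> str:
    """Co-processor side: choose an operating mode, failing closed on any doubt.

    `now` must come from a clock the device owner cannot rewind; otherwise
    the expiry check is meaningless.
    """
    try:
        fields = {name: lic[name] for name in _FIELDS}
        sig = lic["sig"]
    except (KeyError, TypeError):
        return DISABLED                  # malformed or missing license
    if not isinstance(sig, str) or not isinstance(fields["not_after"], int):
        return DISABLED
    # Constant-time comparison over bytes; covers every field, including expiry.
    if not hmac.compare_digest(_tag(fields, key).encode(), sig.encode()):
        return DISABLED                  # forged or edited license
    if fields["chip_id"] != chip_id:
        return DISABLED                  # genuine license copied from another chip
    if now <= fields["not_after"]:
        return FULL
    if now <= fields["not_after"] + grace:
        return THROTTLED                 # expired: reduced performance
    return DISABLED                      # expired beyond the grace window
```

The verification key and the clock are the two things such a design has to protect: whoever controls either one controls the switch, which is the risk the authors flag.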


New Bill Would Let Defendants Inspect Algorithms Used Against Them In Court

Lauren Feiner reports via The Verge: Reps. Mark Takano (D-CA) and Dwight Evans (D-PA) reintroduced the Justice in Forensic Algorithms Act on Thursday, which would allow defendants to access the source code of software used to analyze evidence in their criminal proceedings. It would also require the National Institute of Standards and Technology (NIST) to create testing standards for forensic algorithms, which software used by federal enforcers would need to meet.

The bill would act as a check on unintended outcomes that could be created by using technology to help solve crimes. Academic research has highlighted the ways human bias can be built into software and how facial recognition systems often struggle to differentiate Black faces, in particular. The use of algorithms to make consequential decisions in many different sectors, including both crime-solving and health care, has raised alarms for consumers and advocates as a result of such research.

Takano acknowledged that gaining or hiring the deep expertise needed to analyze the source code might not be possible for every defendant. But requiring NIST to create standards for the tools could at least give them a starting point for understanding whether a program matches the basic standards. Takano introduced previous iterations of the bill in 2019 and 2021, but they were not taken up by a committee.
