TikTok is stepping up its efforts to fight a new bill that could force a ban of the app in the United States. The app has been alerting its millions of US users about the measure, which would force ByteDance to sell TikTok in order for the app to remain available in US app stores.

“TikTok is at risk of being shut down in the US,” the push notification says. “Call your representative now.” An in-app message then instructs users to “speak up now — before your government strips 170 million Americans of their Constitutional right to free expression.” It also provides users a shortcut to dial their representative’s office if they enter their zip code.

The push alerts are reportedly already having a dramatic effect. Politico reporter Olivia Beavers said that House staffers report their offices are being inundated with calls. One staffer said on X that “we're getting a lot of calls from high schoolers asking what a Congressman is.”

Unfortunately for TikTok, their plan to stir up resistance to the bill may not be having the intended effect. The flood of calls may in fact be “backfiring,” according to Beavers, who says the response may be increasing support for the bill among members of Congress. In a post on X, Representative Mike Gallagher, who chairs the select committee that introduced the bill, said the push notifications were “interfering with the legislative process.” TikTok didn’t immediately respond to a request for comment.

The alerts come amid growing support for the measure, which was introduced earlier this week by members of the House Energy and Commerce Committee. Committee members are expected to vote Thursday on whether to advance the bill. President Joe Biden, whose administration has also sought to force a divestiture of TikTok, is reportedly supportive of the bill. As Punchbowl News notes, previous bills to ban TikTok have not had the backing of the White House.

If passed, the bill would give TikTok about six months to separate itself from ByteDance or else an app store ban would take effect. Digital rights groups oppose the measure. The ACLU has called it “unconstitutional,” while other groups say that comprehensive privacy legislation would be a more effective way to protect Americans’ data.

A group of lawmakers have introduced a new bill that would force ByteDance to sell TikTok in order for the app to remain available in the United States. The “Protecting Americans from Foreign Adversary Controlled Applications Act” would prohibit US app stores and web hosting services from distributing TikTok unless it divested from parent company ByteDance.

The bill is the latest in a long line of attempts by lawmakers and other officials to ban or force a sale of the app. Former President Donald Trump attempted to force a sale of TikTok in 2020, but was ultimately unsuccessful. The Biden Administration has also pressured the company to divest. And a US District Court Judge recently blocked an attempt to ban the app in Montana.

The new bill, which comes from a bipartisan group of lawmakers in the House, takes a different approach. It would give ByteDance a six-month window to sell TikTok before app store-level bans would come into effect. It would also require TikTok and other apps to “provide users with a copy of their data in a format that can be imported” into competing apps. And though TikTok is referenced several times in the text of the bill, the legislation would open the door for bans on other “foreign adversary-controlled” apps if the president deemed them to be a national security threat.

“This bill is an outright ban of TikTok, no matter how much the authors try to disguise it,” TikTok said in a statement. “This legislation will trample the First Amendment rights of 170 million Americans and deprive 5 million small businesses of a platform they rely on to grow and create jobs.”

TikTok CEO Shou Chew has maintained that a divestment would not fully address officials’ concerns about US user data. The company has spent years trying to address national security concerns about its service with an initiative called Project Texas. Under the plan, created as a result of years of negotiations with the Committee on Foreign Investment in the United States (CFIUS), US users’ data would be separated into US-based servers and government officials would be able to oversee audits of TikTok’s source code and other aspects of its operations.

The Washington Post reported last year that TikTok’s negotiations with CFIUS had been recently “revived amid doubts the [Biden] administration has the authority to ban TikTok on its own.” If Congress was able to pass the new bill, it would clear up such questions and create a new process for forcing ByteDance's hand. 

Oregon is set to become the latest state to pass a Right to Repair law. The Oregon House of Representatives passed the Right to Repair Act (SB 1596) on March 4, two weeks after it advanced from the Senate. It now heads to Governor Tina Kotek's desk, who has five days to sign it.

California, Minnesota and New York have similar legislation, but Nathan Proctor, the Public Interest Research Group's Right to Repair Campaign senior director, calls Oregon's legislation "the best bill yet." (It's worth noting that Colorado also has its own Right to Repair legislation that has a different remit around agricultural equipment rather than around consumer electronics.)

If made into law, Oregon's Right To Repair Act would be the first to ban "parts pairing," a practice that prevents individuals from swapping out a piece for another, theoretically equivalent one. For example, a person might replace their iPhone battery with an identical one from the same model, but they'll likely receive an error message that it either can't be verified or used. The system forces people to buy the part directly from the manufacturer and can only activate it with their consent — otherwise users will have to buy an entirely new device altogether. Instead, under the new bill, manufacturers would be required to:

• Prevent or inhibit an independent repair provider or an owner from installing or enabling the function of an otherwise functional replacement part or a component of consumer electronic equipment, including a replacement part or a component that the original equipment manufacturer has not approved.

• Reduce the functionality or performance of consumer electronic equipment.

• Cause consumer electronic equipment to display misleading alerts or warnings, which the owner cannot immediately dismiss, about unidentified parts.

Along with restricting parts pairing, the act dictates that manufacturers must make compatible parts available to device owners through the company or an authorized service provider for the most favorable price and without any "substantial" conditions.

The parts pairing ban applies to any devices first built or sold in Oregon starting in 2025. However, the law backdates general coverage of electronics to 2015, except for cell phones. Oregon's mobile devices purchased starting July 2021 count — a stipulation in line with California's and Minnesota's Right to Repair bills.

The White House has announced an investigation into cars built in China and other unnamed "countries of concern." The Biden administration notes that cars are "constantly connecting" with drivers' phones, other vehicles, American infrastructure and their manufacturers, and that newer models use tech such as driver assist systems.

"Connected vehicles collect large amounts of sensitive data on their drivers and passengers; regularly use their cameras and sensors to record detailed information on US infrastructure; interact directly with critical infrastructure; and can be piloted or disabled remotely," the White House said in a statement. Officials are concerned that "new vulnerabilities and threats" could arise from connected vehicles if foreign governments are able to access data from them. They are especially wary that said countries of concern could use such information in ways that put national security at risk.

The Department of Commerce will lead the investigation. "We need to understand the extent of the technology in these cars that can capture wide swaths of data or remotely disable or manipulate connected vehicles, so we are soliciting information to determine whether to take action under our ICTS [information and communications technology and services] authorities," Commerce Secretary Gina Raimondo said.

Through its advance notice of proposed rulemaking [PDF], the agency is looking for feedback from the public to help determine "the technologies and market participants that may be most appropriate for regulation." The investigation will help the Commerce Department decide whether to take action. It's the first time that the agency's Bureau of Industry and Security is carrying out an investigation under Trump-era Executive Orders "focused on protecting domestic information and communications technology and services supply chains from national security threats," the White House said.

"China is determined to dominate the future of the auto market, including by using unfair practices. China’s policies could flood our market with its vehicles, posing risks to our national security. I’m not going to let that happen on my watch," President Joe Biden said. "Connected vehicles from China could collect sensitive data about our citizens and our infrastructure and send this data back to the People’s Republic of China. These vehicles could be remotely accessed or disabled."

As The Washington Post points out, cars built in China aren't especially common on US roads as yet, but they're becoming an increasingly familiar sight in other markets, such as Europe. While many of the vehicles that are causing concerns are EVs, its cars' cameras, sensors and software that are the focus of the probe.

It's not the first time that the US has investigated Chinese companies over concerns that they pose security risks to the country's infrastructure. A few years ago, it banned the import and sale of telecom networking equipment made by Huawei and ZTE (after stopping government employees from using the companies' phones). The government also required telecoms to remove and replace Huawei and ZTE gear in existing infrastructure at great expense.

The two primary fears around AI are that the information these systems produce is gibberish, and that it'll unjustly take jobs away from people who won't make such sloppy mistakes. But the UK's current government is actively promoting the use of AI to do the work normally done by civil servants, including drafting responses to parliamentary inquiries, the Financial Times reports.

UK Deputy Prime Minister Oliver Dowden is set to unveil a "red box" tool that can allegedly absorb and summarize information from reputable sources, like the parliamentary record. A separate instrument is also being trialed that should work similarly but with individual responses to public consultations. While it's unclear how quickly the AI tool can perform this work, Dowden claims it takes three months with 25 civil servants. However, the drafts would allegedly always be double-checked by a human and include sourcing. 

The Telegraph quoted Dowden arguing that implementing AI technology is critical to cutting civil service jobs — something he wants to do. "It really is the only way, I think, if we want to get on a sustainable path to headcount reduction. Remember how much the size of the Civil Service has grown as a result of the pandemic and, and EU exit preparedness. We need to really embrace this stuff to drive the numbers down." Dowden's statement aligns with hopes from his boss, Prime Minister Rishi Sunak, to use technology to increase government productivity — shockingly, neither person has offered to save money by giving AI their job. 

Dowden does show some restraint against having AI do everything. In a pre-speech briefing, he noted that the government wouldn't use AI for any "novel or contentious or highly politically sensitive areas." At the same time, the Cabinet Office's AI division is set to grow from 30 to 70 employees and to get a new budget of £110 million ($139.1 million), up from £5 million ($6.3 million).

In a followup to a tentative ruling made in December, a federal judge has ordered Elon Musk to comply with the U.S. Securities and Exchange Commission's (SEC) subpoena and testify again in its probe of his Twitter takeover, Reuters reports. Per the order, which was filed Saturday night in a California court, Musk and the SEC now have a week to work out a time and place for his appearance or it will be decided for them. The SEC has been investigating Musk’s purchase of Twitter, now X, since 2022 over concerns about his lateness in disclosing his stake in Twitter.

The order comes after Musk failed to appear for a testimony in September and later refused to attend a rescheduled interview, prompting the SEC to sue. US Magistrate Judge Laurel Beeler sided with the SEC after Musk tried to challenge its subpoena, which he claims is seeking irrelevant information and is harassment, as he’s already been interviewed twice. But, the SEC says it has obtained new documents in relation to the probe and has further questions for the X owner. Musk also argued that it exceeds the SEC’s authority because the subpoena was issued by an SEC staff member appointed by the SEC’s Director of Enforcement. Beeler struck these arguments down, ruling that the subpoena is valid. 

Even NASA is not immune to layoffs. The agency says it's cutting around 530 employees from its Jet Propulsion Laboratory (JPL) in California amid budget uncertainty. That's eight percent of the facility's workforce. JPL is laying off about 40 contractors too, just weeks after imposing a hiring freeze and canning 100 other contractors. Workers are being informed of their fates today.

"After exhausting all other measures to adjust to a lower budget from NASA, and in the absence of an FY24 appropriation from Congress, we have had to make the difficult decision to reduce the JPL workforce through layoffs," NASA said in a statement spotted by Gizmodo. "The impacts will occur across both technical and support areas of the Lab. These are painful but necessary adjustments that will enable us to adhere to our budget allocation while continuing our important work for NASA and our nation."

Uncertainty over the final budget that Congress will allocate to NASA for 2024 has played a major factor in the cuts. It's expected that the agency will receive around $300 million for Mars Sample Return (MSR), an ambitious mission in which NASA plans to launch a lander and orbiter to the red planet in 2028 and bring back soil. In its 2024 budget proposal, NASA requested just under $950 million for the project.

“While we still do not have an FY24 appropriation or the final word from Congress on our Mars Sample Return (MSR) budget allocation, we are now in a position where we must take further significant action to reduce our spending,” JPL Director Laurie Leshin wrote in a memo. "In the absence of an appropriation, and as much as we wish we didn’t need to take this action, we must now move forward to protect against even deeper cuts later were we to wait."

NASA has yet to provide a full cost estimate for MSR, though an independent report pegged the price at between $8 billion and $11 billion. In its proposed 2024 budget, the Senate Appropriations subcommittee ordered NASA to submit a year-by-year funding plan for MSR. If the agency does not do so, the subcommittee warned that the mission could be canceled.

That's despite MSR having enjoyed success so far. The Perseverance rover has dug up some soil samples that contain evidence of organic matter and would warrant closer analysis were NASA able to bring them back to Earth. The samples could help scientists learn more about Mars, such as whether the planet ever hosted life.

The CEOs of Meta, Snap, Discord, X and TikTok testified at a high-stakes Senate Judiciary Committee hearing on child exploitation online. During the hearing, Mark Zuckerberg, Evan Spiegel, Jason Citron, Linda Yaccarino and Shou Chew spent hours being grilled by lawmakers about their records on child safety. 

The hearing was the first time Spiegel, Citron and Yaccarino testified to Congress. Notably, all three were subpoenaed by the committee after refusing to appear voluntarily, according to lawmakers. Judiciary Committee Chair Senator Dick Durbin noted that Citron “only accepted services of his subpoena after US Marshals were sent to Discord’s headquarters at taxpayers’ expense.”

The hearing room was filled with parents of children who had been victims of online exploitation on social media. Many members of the audience silently held up photos of their children as the CEOs entered the room, and Durbin kicked off the hearing with a somber video featuring victims of child exploitation and their parents.

“Discord has been used to groom, abduct and abuse children,” Durbin said. “Meta’s Instagram helped connect and promote a network of pedophiles. Snapchat’s disappearing messages have been co-opted by criminals who financially extort young victims. TikTok has become a quote platform of choice for predators to access, engage and groom children for abuse. And the prevalence of CSAM on X has grown as the company has gutted its trust and safety workforce.”

During the hearing, many of the senators shared personal stories of parents whose children had died by suicide after being exploited online. "Mr. Zuckerberg, you and the companies before us — I know you don't mean it to be so — but you have blood on your hands," Senator Lindsey Graham said in his opening remarks. The audience applauded. 

While years of similar hearings have so far failed to produce any new laws, there is growing bipartisan support in Congress for new safety regulations. As Tech Policy Press points out, there are currently more than half a dozen bills dealing with children's online safety that have been proposed by senators. These include the Kids Online Safety Act (KOSA), which would require platforms to create more parental control and safety features and submit to independent audits, and COPPA 2.0, a revised version of the 1998 Children and Teens' Online Privacy Protection Act, which would bar companies from collecting or monetizing children’s data without consent.

Senators have also proposed a number of bills to address child exploitation, including the EARN IT Act, currently in its third iteration since 2020, and the STOP CSAM Act. None of these have advanced to the Senate floor for a vote. Many of these bills have faced intense lobbying from the tech industry, though some companies in attendance said they are open to some aspects of the legislation.

Zuckerberg suggest a different approach, saying he supported age verification and parental control requirements at the app store level, which would effectively shift the burden to Apple and Google. Meta has come under particular pressure in recent months following a lawsuit from 41 states for harming teens’ mental health. Court documents from the suit allege that Meta turned a blind eye to children under 13 using its service, did little to stop adults from sexually harassing teens on Facebook and that Zuckerberg personally intervened to stop an effort to ban plastic surgery filters on Instagram.

Developing...

A Microsoft manager claims OpenAI’s DALL-E 3 has security vulnerabilities that could allow users to generate violent or explicit images (similar to those that recently targeted Taylor Swift). GeekWire reported Tuesday the company’s legal team blocked Microsoft engineering leader Shane Jones’ attempts to alert the public about the exploit. The self-described whistleblower is now taking his message to Capitol Hill.

“I reached the conclusion that DALL·E 3 posed a public safety risk and should be removed from public use until OpenAI could address the risks associated with this model,” Jones wrote to US Senators Patty Murray (D-WA) and Maria Cantwell (D-WA), Rep. Adam Smith (D-WA 9th District), and Washington state Attorney General Bob Ferguson (D). GeekWire published Jones’ full letter.

Jones claims he discovered an exploit allowing him to bypass DALL-E 3’s security guardrails in early December. He says he reported the issue to his superiors at Microsoft, who instructed him to “personally report the issue directly to OpenAI.” After doing so, he claims he learned that the flaw could allow the generation of “violent and disturbing harmful images.”

Jones then attempted to take his cause public in a LinkedIn post. “On the morning of December 14, 2023 I publicly published a letter on LinkedIn to OpenAI’s non-profit board of directors urging them to suspend the availability of DALL·E 3),” Jones wrote. “Because Microsoft is a board observer at OpenAI and I had previously shared my concerns with my leadership team, I promptly made Microsoft aware of the letter I had posted.”

OpenAI

Microsoft’s response was allegedly to demand he remove his post. “Shortly after disclosing the letter to my leadership team, my manager contacted me and told me that Microsoft’s legal department had demanded that I delete the post,” he wrote in his letter. “He told me that Microsoft’s legal department would follow up with their specific justification for the takedown request via email very soon, and that I needed to delete it immediately without waiting for the email from legal.”

Jones complied, but he says the more fine-grained response from Microsoft’s legal team never arrived. “I never received an explanation or justification from them,” he wrote. He says further attempts to learn more from the company’s legal department were ignored. “Microsoft’s legal department has still not responded or communicated directly with me,” he wrote.

Engadget reached out to Microsoft and OpenAI, but neither company responded immediately. We’ll update this article if we hear back.

The whistleblower says the pornographic deepfakes of Taylor Swift that circulated on X last week are one illustration of what similar vulnerabilities could produce if left unchecked. 404 Media reported Monday that Microsoft Designer, which uses DALL-E 3 as a backend, was part of the deepfakers’ toolset that made the video. The publication claims Microsoft, after being notified, patched that particular loophole.

“Microsoft was aware of these vulnerabilities and the potential for abuse,” Jones concluded. It isn’t clear if the exploits used to make the Swift deepfake were directly related to those Jones reported in December.

Jones urges his representatives in Washington, DC, to take action. He suggests the US government create a system for reporting and tracking specific AI vulnerabilities — while protecting employees like him who speak out. “We need to hold companies accountable for the safety of their products and their responsibility to disclose known risks to the public,” he wrote. “Concerned employees, like myself, should not be intimidated into staying silent.”

The National Security Agency’s director has confirmed that the agency buys Americans’ web browsing data from brokers without first obtaining warrants. Senator Ron Wyden (D-OR) blocked the appointment of the NSA’s inbound director Timothy Haugh until the agency answered his questions regarding its collection of Americans’ location and Internet data. Wyden said he’d been trying for three years to “publicly release the fact that the NSA is purchasing Americans’ internet records.”

In a letter dated December 11, current NSA Director Paul Nakasone confirmed to Wyden that the agency does make such purchases from brokers. "NSA acquires various types of [commercially available information] for foreign intelligence, cybersecurity, and other authorized mission purposes, to include enhancing its signals intelligence (SIGINT) and cybersecurity missions," Nakasone wrote. "This may include information associated with electronic devices being used outside and, in certain cases, inside the United States."

Nakasone went on to claim that the NSA "does not buy and use location data collected from phones known to be used in the United States either with or without a court order. Similarly, NSA does not buy and use location data collected from automobile telematics systems from vehicles known to be located in the United States."

An NSA spokesperson told Reuters that the agency uses such data sparingly but that it has notable value for national security and cybersecurity purposes. "At all stages, NSA takes steps to minimize the collection of US [personal] information, to include application of technical filters," the spokesperson said.

Wyden has called the practice unlawful. "Such records can identify Americans who are seeking help from a suicide hotline or a hotline for survivors of sexual assault or domestic abuse," he said.

The senator urged Director of National Intelligence Avril Haines to order US intelligence agencies to stop buying Americans’ private data without consent. He also asked Haines to direct intelligence agencies to "conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata." Wyden said that any data that does not comply with Federal Trade Commission standards regarding personal data sales should be deleted.

Wyden pointed to an FTC settlement that this month banned a data broker from selling location data. The agency alleged that the information, which it claimed was sold to buyers including government contractors, "could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters."

The FTC stated in its complaint against the broker, formerly known as X-Mode Social, that by "failing to fully inform consumers how their data would be used and that their data would be provided to government contractors for national security purposes, X-Mode failed to provide information material to consumers and did not obtain informed consent from consumers to collect and use their location data."

The settlement was the first of its kind with a data broker. In a statement, Wyden, who has been investigating the data broker industry for several years, said he was "not aware of any company that provides such a warning to users [regarding their consent] before collecting their data."

The issue of US federal agencies buying phone location data isn't exactly new. In 2020, it emerged that Customs and Border Protection had been doing so. The following year, Wyden claimed the Defense Intelligence Agency and the Pentagon bought and used location data from Americans’ phones.