Over a year after shutting down its previous attempt at modernizing its IT infrastructure, the Department of Defense (DOD) has picked Amazon, Google, Microsoft and Oracle as its new cloud service providers. The Pentagon has awarded the companies separate contracts for the Joint Warfighting Cloud Capability (JWCC) project, and according to Reuters, they will have a shared budget ceiling of $9 billion. This initiative is a successor to DOD's cancelled Joint Enterprise Defense Infrastructure (JEDI) program that was supposed to connect its different divisions using a single cloud service provider. 

If you'll recall, the department awarded Microsoft with the $10 billion JEDI contract in 2019. Shortly after that, though, Amazon challenged Microsoft's victory in court, claiming that the evaluation process had "clear deficiencies, errors and unmistakable bias." Amazon argued back then that the Pentagon's decision was based on "egregious errors" and "the result of improper pressure from President Donald J. Trump." The company accused the former President of launching "repeated public and behind-the-scenes attacks" against it in an effort to steer the Pentagon away from giving the JEDI contract to Jeff Bezos, "his perceived political enemy." 

While the Pentagon's inspector general office had found no evidence that Trump interfered with the selection process, it also noted that several White House officials did not cooperate with its investigation. In the end, the department chose to cancel the JEDI project because it "no longer meets its needs." Now, under the JWCC, the Pentagon will work with several vendors for the cloud capabilities and services it needs instead of with just a single one.

The companies' contracts will run until 2028 and will provide the DOD access to centralized management and distributed control, global accessibility, advanced data analytics and fortified security, among other capabilities. 

President Joe Biden has signed H.R. 7132 or Safe Connections Act of 2022 into law, and it could help domestic violence, sexual assault, stalking and human trafficking survivors ultimately cut ties with abusers. Under the new law, users can ask mobile service providers to separate their line — as well as their dependents' — from their abusers' if they have a shared contract. That would ensure that abusers no longer have access to their phone records and can't get their service cut. Carriers aren't allowed to charge fees to grant these requests, which they must do so within do two days. 

In addition, Safe Connections Act of 2022 will require the Federal Communications Commission (FCC) to create rules that would make it easier for survivors seeking separate mobile plans to enroll in its Lifeline Program for up to six months. This FCC initiative gives qualifying low-income consumers a discount on phone services, so they can remain connected to job opportunities, friends, family and emergency services while they're working to get back on their feet. The commission also has to establish rules that would prevent calls or texts to hotlines from appearing on call logs, presumably to keep survivors safe. 

In a blog post, the Electronic Frontier Foundation (EFF) celebrated the new law but also said that it would have "preferred a bill that did not require survivors to provide paperwork to 'prove' their abuse." For a request to be valid, a user must submit "appropriate documentation" to verify that the person they're sharing a contract with "committed or allegedly committed an act of domestic violence, trafficking, or a related criminal act against the survivor."

Having to provide paperwork may not be easy, depending on a person's circumstances, and it could retraumatize survivors trying to break free from abusive situations. "However, this new law is a critical step in the right direction," the EFF continued, "and it is encouraging that Congress and the President agreed."

Three Democratic lawmakers in the House are demanding answers from Elon Musk about a recent “platform manipulation campaign” related to recent protests in China. In a letter to the Twitter CEO, Representatives Raja Krishnamoorthi, Adam Schiff and Jackie Speier write that they have “deep concern” about the recent spam campaign that drowned out tweets about the protests.

The lawmakers want Musk to answer questions about whether Twitter has any evidence the spam campaign was a state-backed effort by the People’s Republic of China (PRC). “To ensure that the United States is prepared to counter, thwart, and deter foreign influence threats online, it is critical that we understand the extent of the PRC’s potential manipulation of Twitter and identify how recent changes at Twitter are affecting the threat of CCP foreign influence operations on social media,” they write.

The lawmakers also address recent changes at Twitter under Musk’s leadership, with questions about what Twitter’s “emphasis on free speech” means for information access on the platform; as well as whether the company has the “capacity” to identify platform manipulation campaigns.

Since Musk took over Twitter, questions have swirled about how he will handle the platform’s dealings with Chinese officials, such as requests to remove “state affiliated” labels from their accounts. Tesla, the other company Musk runs, is highly dependent on China for manufacturing.

So far, Musk hasn’t publicly acknowledged the letter, which provides a December 31st deadline for a response. Twitter no longer has a communications team. However, Musk has shown little regard for other letters from lawmakers. He recently addressed a letter from Massachusetts Senator Ed Markey about Twitter’s failure to stop impersonation attempts with a dismissive tweet.

TikTok is now facing its first state lawsuit over data security. Indiana's Attorney General has sued TikTok for allegedly misleading users about China's data access and violating child safety. The social media service supposedly broke state consumer law by failing to warn that the Chinese government could theoretically obtain sensitive data. The ByteDance-owned firm also supposedly tricked customers by giving its app a "12+" age rating on the App Store and Google Play, even though kids could readily find drug- and sex-related content.

Indiana wants fines of up to $5,000 for every violation. It's also asking a state Superior Court to order an end to the purportedly deceptive claims about data handling, and to stop marketing the app toward young teens.

We've asked TikTok for comment. The social network has repeatedly denied sharing US user data with the Chinese government and has taken steps to reassure politicians and critics, such as storing American account data stateside by default. It also says there are "robust" approval processes and controls for ByteDance workers who might access data outside the US. TikTok has also limited teens' access to more mature content, including age gates for some videos.

The lawsuit compounds problems that have emerged for TikTok in recent weeks. Maryland's governor banned use of the app on state government devices over security concerns, echoing a similar move by South Dakota in late November. The Wall Street Journalsources also claim a potential national security deal with the Biden administration has stalled yet again. While TikTok had a tentative agreement this summer, some officials are concerned the deal didn't go far enough to limit China's access.

The lawsuit's chances are uncertain. Potential access to data doesn't mean TikTok is being lax, and it's notable that apps like Facebook and Instagram are also rated 12+ despite the potential to see more adult-oriented material (Twitter is rated 17+). However, the Indiana case puts further pressure on TikTok to explain and potentially modify its practices.

A US government attempt to compensate publishers for web links has fallen apart, as Congress has cut the Journalism Competition and Preservation Act (JCPA) from the annual national defense spending bill. The measure would have made temporary exceptions to antitrust law letting media outlets negotiate revenue sharing deals, such as receiving a cut of ad money from links to news articles in search results and social media posts.

The removal comes after extensive resistance from tech firms. Just this week, Facebook owner Meta warned it would "consider removing news" from its platform rather than submit to government-required negotiations for revenue sharing deals. As with the social media giant's objections to similar legislative efforts in Australia and Canada, the company argued that the JCPA would force companies to pay for content whether or not they wanted to see it. This would supposedly create a "cartel-like entity" that made one company subsidize others.

Two industry groups, the Computer & Communications Industry Association and NetChoice, also said they would launch extensive ad campaigns to oppose the JCPA. Both groups include major tech companies like Amazon, Google and Meta. Google has been a vocal opponent of link revenue shares in the past, and only reluctantly agreed to them in countries like France.

Advocacy groups have taken more varied stances. Public Knowledge and its allies were concerned tech companies could be forced to carry extreme content, and that the JCPA favored larger media producers over small publishers. Political critics across the spectrum, meanwhile, have worried that the Act could alternately strip away moderation tools or fuel biased reporting.

It's not certain what will happen to the efforts behind the JCPA. Lead proponent Sen. Amy Klobuchar said politicians "must" find a way to improve compensation for news. However, it's safe to say the media companies that supported the bill won't be happy. The Los Angeles Times, Fox News owner News Corp. and others had argued that the would-be law was necessary to counter years of declining ad revenue in the shift toward online news coverage. For now, at least, they won't have that potential help.

In late November, San Francisco's Board of Supervisors has approved a proposal that would allow the city's police force to use remote-controlled robots as a deadly force option when faced with violent or armed suspects. The supervisors voted 8-to-3 in favor of making it a new policy despite opposition by civil rights groups, but now they seem to have had a change of heart. During the second of two required votes before a policy can be sent to the mayor's office for final approval, the board voted 8-to-3 to explicitly ban the use of lethal force by police robots. As San Francisco Chronicle notes, this about-face is pretty unusual, as the board's second votes are typically just formalities that echo the first ones' results.

The San Francisco Police Department made the proposal after a law came into effect requiring California officials to define the authorized uses of their military-grade equipment. It would have allowed cops to equip robots with explosives "to contact, incapacitate, or disorient violent, armed, or dangerous suspects." Authorities could only use the robots for lethal force after they've exhausted all other possibilities, and a high-ranking official would have to approve their deployment. However, critics are concerned that the machines could be abused. 

Dean Preston, one of the supervisors who oppose the use of robots as a deadly force option, said the policy will "place Black and brown people in disproportionate danger of harm or death." In a newer statement made after the board's second vote, Preston said: "There have been more killings at the hands of police than any other year on record nationwide. We should be working on ways to decrease the use of force by local law enforcement, not giving them new tools to kill people."

While the supervisors voted to ban the use of lethal force by police robots — for now, anyway — they also sent the original policy proposing the use of killer robots back for review. The board's Rules Committee could now amend it further to have stricter rules for use of bomb-equipped robots, or it could scrap the old proposal altogether.

The Department of Homeland Security said Monday it’s again pushing back the enforcement of Real ID requirements for state driver’s licenses and ID cards. The latest delay moves states’ compliance deadline to May 7th, 2025.

Passed by Congress in 2005 as a response to the Sept. 11th, 2001 terrorist attacks, the Real ID Act requires stricter documentation for boarding flights and entering federal or nuclear facilities. For example, to get a Real ID-compliant driver’s license or state ID card, you need to provide paperwork for your name, date of birth, address, Social Security card and birth certificate.

The DHS says the requirements increase state IDs' reliability and accuracy. Officials can quickly see whether a card is Real ID-compliant by looking for the gold star in the upper right-hand corner.

When the bill passed, states initially had a 2008 compliance deadline. But after some states and US territories refused to play ball, the cutoff faced delay after delay. Despite the ever-shifting deadlines, 13 states rolled out support in 2012. The list grew in the following years as reluctant states faced the prospect of having their residents blocked from flights. But the COVID-19 pandemic led to even more kicking of the can, and today’s cutoff point pushes it back from May 2023 to May 2025.

“DHS continues to work closely with US states, the District of Columbia, and the US territories to meet Real ID requirements,” said Secretary of Homeland Security Alejandro N. Mayorkas in a news release today. “This extension will give states needed time to ensure their residents can obtain a Real ID-compliant license or identification card. DHS will also use this time to implement innovations to make the process more efficient and accessible. We will continue to ensure that the American public can travel safely.” 

The US military has unveiled the B-21 Raider, its first new stealth bomber in 30 years. Northrop Grumman, which developed the aircraft, first showed us a silhouette of the plane covered by a shroud way back in 2015. Now, the Pentagon has officially presented the B-21 at an event at Northrop Grumman's plant in Palmdale, California, but most of its details still remain a secret. Prior to the event, though, the company called it the "world’s first sixth-generation aircraft," which means it's a lot more technologically advanced than the military jets in service today.

According to ABC News, US Defense Secretary Lloyd Austin said during the event that "no other long range bomber can match [the B-21's] efficiency." Austin also said that "fifty years of advances in low observable technology" have gone into the aircraft and that even the most sophisticated air defense systems will have a hard time detecting a B-21 in the sky. 

The aircraft was designed using next-generation stealth technology so that it can remain undetectable even to advanced radars and air defense systems, Northrop Grumman said in a previous announcement. A Northrop Grumman official also said that the B-21 can fly in full stealth mode every day, according to Air and Space Forces Magazine, unlike the current model that needs hundreds of hours of maintenance between missions. The aircraft will use a cloud-based digital infrastructure that's cheaper and easier maintain, and the military can also roll out rapid upgrades for separate components so that it's always protected against evolving threats. 

Northrop Grumman is currently working on six B-21 units, which are in various stages of production, but the Air Force is expected to order at least 100 of them. The military will start testing the stealth bomber in California sometime next year before the first units go into service by mid-2020s.

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tellsTechCrunch that Florida's Department of Revenue website had a flaw that exposed hundreds of filers' bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer's application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department's pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was "no sign" attackers abused the flaw, but didn't say how officials might have spotted any misuse. The agency contacted every affected taxpayers by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.

It's now particularly costly for Ukrainians to use SpaceX's Starllink if they want to stay online during the Russian invasion. The Financial Timesreports that the price of a Starlink satellite terminal has almost doubled in Ukraine, jumping from the equivalent of $385 to about $700. The monthly rate isn't as expensive as it once was (as high as $100), but it's climbing from $60 to $75.

It's not known if prices have also jumped for the Ukrainian government, which obtains Starlink from a variety of sources that include SpaceX itself, foreign governments and even crowdsourcing. Individual prices have climbed in Poland, where some Ukrainians get their Starlink equipment delivered to avoid complications with local deliveries.

The hikes come as Ukraine's cellular networks are buckling under the strain of Russian attacks on the country's electrical grid. In some cases, Starlink might be the only way for locals to reach the internet. Some residents in recently liberated areas also lean on the technology while phone carriers are busy restoring service. Higher prices risk putting internet access out of reach, and may force donors to pay more to supply as many terminals as they did before.

We've asked SpaceX for comment. The company has complained about its own costs for supplying Starlink access in Ukraine. While it was quick to switch on connectivity after the Russian assault began in February, it has partly relied on US government funding to supply terminals and maintained in September that it couldn't continue offering service without further aid. After that complaint became public, however, Elon Musk said SpaceX would keep paying for Ukraine even though it supposedly meant losing money.