Posts with «politics & government» label

Bipartisan bill seeks to curb recommendation algorithms

A bipartisan group of House lawmakers has introduced legislation that would give people more control over the algorithms that shape their online experience. If passed, the Filter Bubble Transparency Act would require companies like Meta to offer a version of their platforms that runs on an "input-transparent" algorithm that doesn't pull on user data to generate recommendations.

The bill would not do away with "opaque" recommendation algorithms altogether but would make it a requirement to include a toggle that allows people to switch that functionality off. Additionally, platforms that continue to use recommendation algorithms need to have a notification that informs people those recommendations are based on inferences generated by their personal data. The prompt can be a one-time notice, but it would need to be presented in a "clear, conspicuous manner," according to the proposed bill.

The legislation was introduced by Representatives Ken Buck (R-CO), David Cicilline (D-RI), Lori Trahan (D-MA) and Burgess Owens (R-UT). It's a companion bill to legislation Senators John Thune of South Dakota and Richard Blumenthal of Connecticut introduced this past June. "Consumers should have the option to engage with internet platforms without being manipulated by secret algorithms driven by user-specific data," Buck told Axios, the first outlet to report on the legislation.

Lawmakers have frequently criticized social media giants for using recommendation algorithms to boost user engagement, but so far, there's been little legislative action to curb their use. In the aftermath of the January 6th US Capitol attack, a group of more than 30 Democratic lawmakers called on Meta (then known as Facebook), Twitter and YouTube to make substantive changes to their recommendation engines but ultimately stopped short of threatening regulatory action. Although the Filter Bubble Transparency Act has bipartisan support across the House and Senate, it's unclear if it would pass.

Iraqi prime minister says he was the target of a drone assassination attempt

Drones are apparently turning into assassination tools. According to CBS News and Reuters, Iraqi Prime Minister Mustafa al-Kadhimi says he survived a drone-based assassination attempt today (November 7th) at his home in Baghdad's highly secure Green Zone. The country's Interior Ministry said the attack involved three drones, including at least one bomb-laden vehicle. Six bodyguards were injured during the incident, and an official speaking to Reuters claimed security forces obtained the remnants of a small drone at the scene.

While the Iraqi government publicly said it was "premature" to identify culprits, CBS sources suspected the perpetrators belonged to pro-Iranian militias that have used similar tactics against Erbil International Airport and the US Embassy. The militias directly blamed al-Kadhimi for casualties in a fight between Iraqi security forces and pro-militia protesters who objected to their side's losses in an October 10th parliamentary vote.

Iraq, the US, Saudi Arabia and Iran have publicly condemned the attack. Militia leaders, however, suggested the drone attack might have been faked to distract from protesters' reported deaths.

Drone-based terrorism isn't a completely novel concept. ISIS, for instance, modified off-the-shelf drones to drop explosives. Attacks against political leaders are still very rare, though. If accurate, the reported Iraqi plot suggests drone terrorism is entering a new phase — extremists are using robotic fliers to hit major targets too dangerous to strike using conventional methods.

The Treasury Department is buying sensitive app data for investigations

It's no secret that app data can reach investigators without much oversight, but you might be surprised at just who is buying that data. The Intercept and advocacy group Tech Inquiry have learned that the US Treasury Department recently bought sensitive app data from Babel Street, the same firm that handed info to the Secret Service and other agencies. The department spent over $300,000 on two contracts in the past four months to collect data for the sake of investigations.

One contract, made official in July 2021, gave Office of Foreign Assets Control (OFAC) investigators access to mobile app location data from Babel Street's Locate X tool. The info will help OFAC target people and enforce international sanctions, according to the contract. As you might expect, there's a concern the office is effectively circumventing Fourth Amendment search restrictions. The data is technically anonymous, but it's relatively easy for an investigator to link data to individuals.

The other contract, from September 2021, gives the Internal Revenue Service a tool that scrapes information from "public digital media records." The software will theoretically help the IRS catch tax evaders through online activity like social media posts and forum conversations. While it's legal to view that content, the Treasury wants Babel Street to provide "available bio-metric [sic] data" like addresses and marital status that may create a detailed profile.

The concern isn't just that the Treasury might be circumventing the Fourth Amendment by obtaining some data (particularly locations) without a warrant. This also represents an expansion of "invasive surveillance," Tech Inquiry founder Jack Poulson told The Intercept. Rather than scaling back its efforts, the US government is stepping things up.

We've asked the Treasury for comment. There's no guarantee it will back off. With that said, Senator Ron Wyden and others are pushing legislation that would require a court order for these data purchases. If bills like The Fourth Amendment Is Not For Sale Act ever become law, the government would at least need to pass a basic legal test to buy this sensitive material — even if officials wouldn't require your knowledge.

US bans trade with security firm NSO Group over Pegasus spyware

Surveillance software developer NSO Group may have a very tough road ahead. The US Commerce Department has added NSO to its Entity List, effectively banning trade with the firm. The move bars American companies from doing business with NSO unless they receive explicit permission. That's unlikely, too, when the rule doesn't allow license exceptions for exports and the US will default to rejecting reviews.

NSO and fellow Israeli company Candiru (also on the Entity List) face accusations of enabling hostile spying by authoritarian governments. They've allegedly supplied spyware like NSO's Pegasus to "authoritarian governments" that used the tools to track activists, journalists and other critics in a bid to crush political dissent. This is part of the Biden-Harris administration's push to make human rights "the center" of American foreign policy, the Commerce Department said.

The latest round of trade bans also affects Russian company Positive Technologies and Singapore's Computer Security Initiative Consultancy, both of which were accused of peddling hacking tools.

We've asked NSO Group for comment, although its official media contact address produced an error. The company has strongly rejected claims of enabling abuses in the past, including denials that Pegasus was used to target murdered journalist Jamal Khashoggi. NSO said it had blocked access for previous abuses, and it even hired a libel attorney who accused investigative journalists and their partners of misinterpretation and making unfounded assumptions.

The Commerce Department claims to have evidence of NSO's actions, though. The net effect is the same. NSO isn't necessarily doomed. Like blocklist member Huawei, though, it may struggle to operate without access to any American partners it used before. 

The US Army will test a 300 kW laser weapon system in 2022

This week, the federal government awarded a team that includes Boeing a contract to build a prototype 300-kilowatt laser weapon for the US Army. The military will “demonstrate” the design sometime next year. The prototype will “produce a lethal output greater than anything fielded to date,” said General Atomics Electromagnetic Systems, the other company working on the project. “This technology represents a leap-ahead capability for air and missile defense that is necessary to support the Army’s modernization efforts and defeat next-generation threats in a multi-domain battlespace.”

Even if it’s only a demonstration, the system represents a significant step up from the lasers the military has had access to in the past. Back in 2014, the US Navy deployed the experimental Laser Weapon System (LaWS) on the USS Ponce. That system could reportedly output a 30-kilowatt beam, making it mostly useful for shooting down drones and other small craft. Per the New Scientist, a 300-kilowatt laser could potentially take down missiles, in addition to drones, helicopters and even airplanes. The announcement comes as the global weapons race intensifies following China’s successful trial of a hypersonic missile.

FCC revokes China Telecom's ability to offer services in the US

The Federal Communications Commission has revoked the ability of China Telecom Americas to operate in the US. Citing national security concerns, the agency voted unanimously in favor of a proposal it had been considering since the end of 2020. With today’s order, the company, a subsidiary of China’s largest state-owned carrier, has 60 days to discontinue telecom services in the US.

Following a proceeding that involved input from the Justice Department, the FCC found that China Telecom is likely to comply with requests from the Chinese government, affording the country the opportunity to access, store, disrupt and misroute US communications. “Promoting national security is an integral part of the Commission’s responsibility to advance the public interest, and today’s action carries out that mission to safeguard the nation’s telecommunications infrastructure from potential security threats,” the FCC said.

Over the last year, the FCC has taken similar actions against other Chinese telecoms and equipment manufacturers. Most notably, it labeled both Huawei and ZTE as national security threats and ordered US carriers to replace any networking equipment from the two companies.

We've reached out to China Telecom Americas for comment.

White House may pick Jessica Rosenworcel as first female FCC chair

The FCC might soon have its first permanent woman leader. A New York Times source says President Biden is "expected" to nominate current acting chairwoman Jessica Rosenworcel to a permanent position as soon as today (October 26th), making her the first female to lead the commission. The nomination wouldn't be a surprising move given her existing title, broad support and alignment with White House policies on issues like net neutrality, but it would still represent a milestone for the agency.

Whether or not Rosenworcel is confirmed is another matter. The Senate must confirm Rosenworcel to make her appointment official, and she could face staunch opposition from Republicans who are both historically anti-regulation and eager to reclaim FCC control. The party could retake the majority in the commission if Rosenworcel and an empty commissioner position aren't confirmed by the end of 2021.

If Rosenworcel is confirmed, though, she would contrast sharply with the last permanent FCC chair, Ajit Pai. While much of Rosenworcel's work as acting chairwoman has focused on easy-to-pass rules on issues like robocalls, she has been a strong proponent of net neutrality and other efforts to keep big telecoms in check. That's largely the opposite of Pai, who dismantled neutrality and generally sided with incumbent telcos. Don't be surprised if Rosenworcel used a permanent appointment to undo more of Pai's work, at least so long as she has the votes.

US retailers stop selling security cameras made by some Chinese companies

Home Depot and Best Buy have pulled the products of Chinese tech surveillance makers linked to human rights abuses from their shelves, according to TechCrunch. Both US retail giants have stopped selling products from Lorex and Ezviz, while Lowe's no longer carries products by the former. Lorex is a subsidiary of Dahua Technology, whereas Ezviz is a surveillance tech brand owned by Hikvision. As TechCrunch explains, the US government added Dahua and Hikvision to its economic blacklist in 2019 for their role in the mass surveillance of Uighur Muslims in the province of Xinjiang.   

Earlier this year, Los Angeles Times published a report detailing how the facial recognition software developed by Lorex owner Dahua was being shopped to law enforcement as a way to identify Uighurs. A user guide for the service apparently touts its capability to identify people passing in front of its cameras by race. Meanwhile, Hikvision's cameras have been installed at mosques and detention camps in Xinjiang, according to a 2019 New York Times report. Maya Wang, a China researcher for Human Rights Watch, told the publication back then: "These systems are designed for a very explicit purpose — to target Muslims."

In a report on the human rights practices in China, the US Department of State said that the Chinese government "conducted mass arbitrary detention of Uyghurs, ethnic Kazakhs, Kyrgyz, and members of other Muslim and ethnic minority groups in Xinjiang. China Human Rights Defenders alleged these detentions amounted to enforced disappearance, since families were often not provided information about the length or location of the detention." Human rights groups believe over a million Uighurs are being detained in internment camps, but China continues to deny the allegations. 

It's unclear why the retail giants have decided to pull Lorex and Ezviz products now, but consumers have freely been able to buy their security cameras over the past couple of years after their parent companies were placed on the US economic blacklist. Home Depot told TechCrunch that it's "committed to upholding the highest standards of ethical sourcing and [it] immediately stopped selling products from Lorex when this was brought to [the company's] attention." Best Buy simply told the publication that it was "discontinuing its relationship" with both Lorex and Ezviz.

Microsoft says SolarWinds hackers may have breached 14 more companies

Microsoft has shared more details about a recent cyberattack campaign orchestrated by the Russian state-sponsored group blamed for last year's devastating SolarWinds hack. The company's cybersecurity experts warned that Nobelium is once again trying to access government and corporate networks around the world, despite President Joe Biden sanctioning Russia over previous cyberattacks.

According to Microsoft, the group is using the same strategy it employed in the successful SolarWinds attack — targeting companies whose products form core parts of global IT systems. In this campaign, Microsoft says, Nobelium has focused on a different aspect of the IT supply chain, namely resellers and service suppliers that provide cloud services and other tech.

The company says it has informed more than 140 providers and resellers that the group has targeted them. It believes Nobelium breached up to 14 of these companies' networks. However, Microsoft says it detected the campaign in its early stages in May, which should help mitigate the fallout.

Microsoft notes these hack attempts are part of a huge series of attacks conducted by Nobelium over the last few months. Between July 1st and October 19th, it told 609 of its customers that Nobelium had attempted to hack them on 22,868 occasions, with fewer than 10 successes. In the three years prior to July 1st, Microsoft told its customers about 20,500 attacks from all nation-state actors — not just Nobelium.

"This latest activity shares the hallmarks of Nobelium’s compromise-one-to-compromise-many approach and use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse [and] spear phishing," Microsoft's security intelligence division wrote in a tweet. Nobelium has also been known as Cozy Bear and APT29.

In 2020, hackers created a backdoor in a SolarWinds product called Orion, which was used by around 30,000 customers in the public and private sector. Nobelium is said to have carried out further hacks on the systems of nine US agencies and around 100 companies. Other hackers piggybacked onto the backdoor to facilitate their own attacks. The US sanctioned six Russian companies and 32 individuals and entities in April over alleged misconduct connected to the SolarWinds attack and attempts to interfere with the 2020 presidential election.

"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government," Tom Burt, Microsoft's corporate vice president of customer security and trust, wrote in a blog post.

Saudi Arabia won't reach net zero emissions until 2060

Saudi Arabia is making a commitment to reduce its impact on the environment, although the timeframe won't please critics. Reuters reports Crown Prince Mohammed bin Salman and energy minister Prince Abdulaziz bin Salman now expect Saudi Arabia to achieve net zero emissions by 2060. That's behind the 2050 target for the EU, United Arab Emirates, US and other countries.

The kingdom hoped to reach net zero through a circular carbon economy program while trying to bolster the "security and stability" of the world's oil markets. While the princes said Saudi Arabia would more than double CO2 emissions reductions by 2030, they maintained that the country needed time to "properly" conduct a transition.

The Crown Prince said there was a chance Saudi Arabia would hit its target before 2060, and state oil producer Saudi Aramco hopes to reach net zero by 2050. However, the country has been moving relatively slowly. It only opened its first renewable energy plant in April, and its first wind farm in August. It's still planning its first hydrogen fuel plant.

The conservative schedule isn't surprising. Although Saudi Arabia has been diversifying its economy, oil and gas represent about 50 percent of the country's gross domestic product and 70 percent of its exports. Aggressive emissions reductions could affect the kingdom's core business.

That dependence might also create problems, however. The UK and some US states are among those banning sales of new combustion engine passenger vehicles within the next 10 to 15 years, and others might not be far behind. Oil exporters like Saudi Arabia may have to adjust their emissions targets if electric vehicle sales grow quicker than expected.